Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yYzQ0LTVjbWgtODc5bc4AAzeU
Unrestricted recursion in htmlunit
Those using HtmlUnit to browse untrusted webpages may be vulnerable to denial-of-service (DoS) attacks. If HtmlUnit is running on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash with a stack overflow. This effect may support a denial-of-service attack. This issue affects HtmlUnit before 2.70.0.
Permalink: https://github.com/advisories/GHSA-rc44-5cmh-879m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yYzQ0LTVjbWgtODc5bc4AAzeU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 12 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-rc44-5cmh-879m, CVE-2023-2798
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2798
- https://github.com/HtmlUnit/htmlunit/commit/940dc7fd
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
- https://github.com/HtmlUnit/htmlunit/releases/tag/2.70.0
- https://github.com/advisories/GHSA-rc44-5cmh-879m
Blast Radius: 1.0
Affected Packages
maven:org.htmlunit:htmlunit
Affected Version Ranges: < 2.70.0
Fixed in: 2.70.0