net.sourceforge.htmlunit:htmlunit@2.43.0 vulnerabilities

latest version

2.70.0

first published

17 years ago

latest version published

2 years ago

licenses detected

Apache-2.0
[0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the net.sourceforge.htmlunit:htmlunit package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs Affected versions of this package are vulnerable to Denial of Service (DoS). If HtmlUnit runs on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. Note: In case the payload is sent to an API endpoint which accepts user-supplied input without sanitization or validation, it is possible to trigger this vulnerability without user interaction. How to fix Denial of Service (DoS)? Upgrade `net.sourceforge.htmlunit:htmlunit` to version 2.70.0 or higher.	[,2.70.0)
C Remote Code Execution (RCE) net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs Affected versions of this package are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Note: Users are advised to upgrade to `org.htmlunit:htmlunit` component `v3.0.0` as it contains a fix for this issue. How to fix Remote Code Execution (RCE)? A fix was pushed into the `master` branch but not yet published.	[0,)

Denial of Service (DoS)

net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs

Affected versions of this package are vulnerable to Denial of Service (DoS). If HtmlUnit runs on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow.

Note:

In case the payload is sent to an API endpoint which accepts user-supplied input without sanitization or validation, it is possible to trigger this vulnerability without user interaction.

How to fix Denial of Service (DoS)?

Upgrade net.sourceforge.htmlunit:htmlunit to version 2.70.0 or higher.

[,2.70.0)

Remote Code Execution (RCE)

net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.

Note: Users are advised to upgrade to org.htmlunit:htmlunit component v3.0.0 as it contains a fix for this issue.

How to fix Remote Code Execution (RCE)?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package