net.sourceforge.htmlunit:htmlunit@2.52.0 vulnerabilities

latest version

2.70.0
first published

17 years ago
latest version published

2 years ago
licenses detected
- Apache-2.0
  [0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the net.sourceforge.htmlunit:htmlunit package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs Affected versions of this package are vulnerable to Denial of Service (DoS). If HtmlUnit runs on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. Note: In case the payload is sent to an API endpoint which accepts user-supplied input without sanitization or validation, it is possible to trigger this vulnerability without user interaction. How to fix Denial of Service (DoS)? Upgrade `net.sourceforge.htmlunit:htmlunit` to version 2.70.0 or higher.	[,2.70.0)
C Remote Code Execution (RCE) net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs Affected versions of this package are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Note: Users are advised to upgrade to `org.htmlunit:htmlunit` component `v3.0.0` as it contains a fix for this issue. How to fix Remote Code Execution (RCE)? A fix was pushed into the `master` branch but not yet published.	[0,)

Denial of Service (DoS)

net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs

Affected versions of this package are vulnerable to Denial of Service (DoS). If HtmlUnit runs on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow.

Note:

In case the payload is sent to an API endpoint which accepts user-supplied input without sanitization or validation, it is possible to trigger this vulnerability without user interaction.

How to fix Denial of Service (DoS)?

Upgrade net.sourceforge.htmlunit:htmlunit to version 2.70.0 or higher.

[,2.70.0)

Remote Code Execution (RCE)

net.sourceforge.htmlunit:htmlunit is a GUI-Less browser for Java programs

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.

Note: Users are advised to upgrade to org.htmlunit:htmlunit component v3.0.0 as it contains a fix for this issue.

How to fix Remote Code Execution (RCE)?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package

net.sourceforge.htmlunit:htmlunit@2.52.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities