org.jsoup:jsoup@1.6.2 vulnerabilities

  • latest version: 1.17.2
  • first published: 14 years ago
  • latest version published: 5 months ago

Direct Vulnerabilities

Known vulnerabilities in the org.jsoup:jsoup package. This does not include vulnerabilities belonging to this package’s dependencies.

Cross-site Scripting (XSS)

Severity: medium

org.jsoup:jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jQuery-like methods. jsoup implements the WHATWG HTML5 specification, and parses HTML to the same DOM as modern browsers do.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS): the cleaner does not properly sanitize HTML that contains javascript: URL expressions in link attributes when the non-default Safelist.preserveRelativeLinks option is enabled, so a crafted link can survive cleaning. The issue is exploitable when the website that renders the cleaned output sets no Content Security Policy.

Note: users upgrading to the fixed version should also re-clean previously stored content, because unsanitized input may already have been persisted.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jsoup:jsoup to version 1.15.3 or higher.

Vulnerable versions: [,1.15.3)
Denial of Service (DoS)

Severity: high

Affected versions of this package are vulnerable to Denial of Service (DoS). If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete much more slowly than usual, or to throw an unexpected exception; any of these can support a denial-of-service attack. Workarounds for deployments that cannot upgrade immediately: rate-limit input parsing, cap input size according to system resources, and/or run parsing under a thread watchdog that bounds and times out parse runtimes.

How to fix Denial of Service (DoS)?

Upgrade org.jsoup:jsoup to version 1.14.2 or higher.

Vulnerable versions: [,1.14.2)
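The size cap and thread watchdog workarounds above, applied in code. This is an added example, not jsoup's or Snyk's code: the class names BoundedParser and ParseRejectedException, the limits MAX_INPUT_CHARS and PARSE_TIMEOUT_MS, and the pool size are illustrative choices, and the sample document in main is constructed.

```java
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

/**
 * Parses untrusted HTML with jsoup under a size cap and a wall-clock timeout.
 * Added example; not jsoup's own code. Limits below are assumptions to tune per system.
 */
public final class BoundedParser {
    private static final int MAX_INPUT_CHARS = 1 << 20;   // 1 MiB of HTML (assumed limit)
    private static final long PARSE_TIMEOUT_MS = 2_000;    // 2 s wall clock (assumed limit)

    // Bounded pool of daemon workers. A parse that never observes cancellation keeps its
    // slot until it finishes, so the pool size is also the cap on stuck parses that can
    // accumulate; further submissions queue and their callers time out in get() below.
    private static final ExecutorService POOL = Executors.newFixedThreadPool(4, r -> {
        Thread t = new Thread(r, "jsoup-parse");
        t.setDaemon(true);
        return t;
    });

    public static Document parseBounded(String html, String baseUri) throws ParseRejectedException {
        // Size limit first: it costs nothing and removes the largest inputs before any parsing.
        if (html.length() > MAX_INPUT_CHARS) {
            throw new ParseRejectedException("input too large: " + html.length() + " chars");
        }
        Future<Document> job = POOL.submit(() -> Jsoup.parse(html, baseUri));
        try {
            return job.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // Watchdog fired. Interrupt the worker; whether the parser actually stops early
            // depends on the jsoup version, so the caller is released regardless and the
            // worker is treated as possibly leaked (hence the bounded pool above).
            job.cancel(true);
            throw new ParseRejectedException("parse exceeded " + PARSE_TIMEOUT_MS + " ms");
        } catch (ExecutionException e) {
            // The unexpected-exception case from the advisory: reject the input, don't crash the caller.
            throw new ParseRejectedException("parser threw: " + e.getCause());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            job.cancel(true);
            throw new ParseRejectedException("interrupted while waiting for parse");
        }
    }

    /** Signals that the input was refused or the parse was abandoned. */
    public static final class ParseRejectedException extends Exception {
        ParseRejectedException(String msg) {
            super(msg);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an ordinary document parses well within both limits.
        Document doc = parseBounded("<html><body><p>hello <b>world</b></p></body></html>",
                "https://example.com/");
        System.out.println(doc.body().text());
    }
}
```

Rate limiting, the third workaround, belongs upstream of this class (per client or per tenant at the request layer) rather than inside it. Treat a timed-out parse as a security event worth logging with the input's origin, since it is the attacker-controlled signal the advisory describes.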
Cross-site Scripting (XSS)

Severity: medium

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because the parser improperly handles a tag that lacks a closing > when it reaches end of input (EOF). As a result, jsoup did not properly validate user-supplied HTML content: certain HTML snippets could pass the cleaner without being detected as unsafe, and a remote attacker could use a specially crafted snippet to execute arbitrary web script in the victim's browser.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jsoup:jsoup to version 1.8.3 or higher.

Vulnerable versions: [,1.8.3)
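Both XSS entries on this page (the preserveRelativeLinks javascript: URL issue fixed in 1.15.3 and the unclosed-tag-at-EOF issue fixed in 1.8.3) describe cleaner output that still carries something a browser will execute. Upgrading is the fix; the following added example (not jsoup's own code, and not taken from either advisory) shows the cleaner configuration a practitioner would choose plus a post-clean verification pass kept as defense in depth: it leaves preserveRelativeLinks at its default and supplies a base URI, then re-parses the cleaned fragment and rejects any element or URL scheme outside the application's own allowlist, normalizing URLs the way browsers do before reading the scheme. The class name LinkSafeCleaner, the allowlists, the helper hasAllowedScheme and the sample inputs in main are assumptions for illustration.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Safelist;

/**
 * Cleans untrusted HTML with jsoup, then verifies the output against the application's
 * own allowlists. Added example; not jsoup's own code. Allowlists are assumptions.
 */
public final class LinkSafeCleaner {
    // Tags this application renders (restates what Safelist.basic() permits, so the check
    // below does not depend on the cleaner's configuration). Constructed allowlist.
    private static final Set<String> ALLOWED_TAGS = Set.of(
            "a", "b", "blockquote", "br", "cite", "code", "dd", "dl", "dt", "em", "i", "li", "ol",
            "p", "pre", "q", "small", "span", "strike", "strong", "sub", "sup", "u", "ul");
    // Tighter than the cleaner's own a[href] protocol list (which also allows ftp). Constructed allowlist.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("http", "https", "mailto");
    // A URL scheme per the WHATWG URL spec: a letter, then letters/digits/+/-/., then ':'.
    private static final Pattern SCHEME = Pattern.compile("^([a-z][a-z0-9+.-]*):");

    /** Returns cleaned HTML, or throws if the cleaned output still contains something we would not render. */
    public static String cleanAndVerify(String untrustedHtml, String baseUri) {
        // preserveRelativeLinks stays at its default (false): with a base URI supplied, relative
        // links are resolved to absolute URLs and checked as such, which avoids the option the
        // 1.15.3 advisory names. The weak setting would read: Safelist.basic().preserveRelativeLinks(true)
        Safelist safelist = Safelist.basic();
        String cleaned = Jsoup.clean(untrustedHtml, baseUri, safelist);

        // Defense in depth: re-parse the cleaned fragment and check it against our own allowlists.
        Document doc = Jsoup.parseBodyFragment(cleaned, baseUri);
        for (Element el : doc.body().getAllElements()) {
            if (el == doc.body()) {
                continue;   // getAllElements() includes the body wrapper itself
            }
            String tag = el.tagName().toLowerCase(Locale.ROOT);
            if (!ALLOWED_TAGS.contains(tag)) {
                throw new IllegalArgumentException("unexpected element after cleaning: <" + tag + ">");
            }
            for (String attr : new String[] {"href", "src"}) {
                if (el.hasAttr(attr) && !hasAllowedScheme(el.absUrl(attr), el.attr(attr))) {
                    throw new IllegalArgumentException("disallowed URL in " + attr + ": " + el.attr(attr));
                }
            }
        }
        return cleaned;
    }

    /** Scheme check that normalizes the URL the way browsers do before reading the scheme. */
    static boolean hasAllowedScheme(String absUrl, String rawUrl) {
        String url = absUrl.isEmpty() ? rawUrl : absUrl;   // unresolvable links keep their raw value
        // Browsers remove ASCII tab/newline anywhere in a URL and strip leading C0 controls and
        // spaces before parsing, so "java\tscript:" is "javascript:" by the time it runs.
        String norm = url.replaceAll("[\\t\\n\\r]", "")
                         .replaceAll("^[\\x00-\\x20]+", "")
                         .toLowerCase(Locale.ROOT);
        if (norm.startsWith("#")) {
            return true;                                    // same-document fragment
        }
        Matcher m = SCHEME.matcher(norm);
        if (!m.find()) {
            return true;                                    // no scheme: relative path, inherits the page's scheme
        }
        return ALLOWED_SCHEMES.contains(m.group(1));
    }

    public static void main(String[] args) {
        // Constructed samples: an ordinary relative link, and a link whose scheme (once
        // normalized) is not on the allowlist. Not the advisories' payloads.
        String base = "https://example.com/posts/";
        String[] samples = {
            "<p>see <a href=\"/about\">about</a></p>",
            "<p><a href=\"java\tscript:alert(1)\">x</a></p>"
        };
        for (String s : samples) {
            try {
                System.out.println("ok: " + cleanAndVerify(s, base));
            } catch (IllegalArgumentException rejected) {
                System.out.println("rejected: " + rejected.getMessage());
            }
        }
    }
}
```

Two caveats. The re-parse runs on the same jsoup version as the cleaner, so a parser-level bug such as the EOF handling described above would be shared by both passes; the check catches misconfiguration and any link whose scheme the cleaner let through, not tokenizer defects, which only the upgrade removes. And because the 1.15.3 advisory's precondition is a site without a Content Security Policy, deploy a CSP as the independent layer, and re-clean stored content after upgrading as the note above advises.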