CVE-2023-2798 – org.htmlunit:htmlunit

Package

Manager: maven
Name: org.htmlunit:htmlunit
Vulnerable Version: >=0 <2.70.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00073 pctl0.22774

Details

Unrestricted recursion in htmlunit Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack. This issue affects HtmlUnit before 2.70.0.

Metadata

Created: 2023-05-25T15:30:17Z
Modified: 2023-05-25T17:02:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-rc44-5cmh-879m/GHSA-rc44-5cmh-879m.json
CWE IDs: ["CWE-400", "CWE-787"]
Alternative ID: GHSA-rc44-5cmh-879m
Finding: F067
Auto approve: 1