HtmlUnit 2.66.0

CPE Details

HtmlUnit 2.66.0
htmlunit
htmlunit
2.66.0
2023-12-07
16h56 +00:00
2023-12-07
16h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:htmlunit:htmlunit:2.66.0:*:*:*:*:*:*:*

Informations

Vendor

htmlunit

Product

htmlunit

Version

2.66.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-49093 2023-12-04 04h47 +00:00 HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0
9.8
Critical
CVE-2023-2798 2023-05-25 13h54 +00:00 Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.
7.5
High
CVE-2023-26119 2023-04-03 05h00 +00:00 Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.