Severity: 7.5 HIGH
EPSS: 4.4% (top 11.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 18; Latest update Nov 21

Description

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available worka

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Exploitability: 3.9 | Impact: 3.6)

Affected Packages (18 packages)

CVEList V5: jhy/jsoup < 1.14.2
NVD: jsoup/jsoup < 1.14.2
Maven: org.jsoup:jsoup < 1.14.2
Debian: jsoup < 1.14.2-1+2

Patches

Vulnerability Details (4)

GHSA: Uncaught Exception in jsoup (2021-08-23)
OSV: Uncaught Exception in jsoup (2021-08-23)
CVEList: Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions (2021-08-18)
OSV: CVE-2021-37714: jsoup is a Java library for working with HTML (2021-08-18)

Vendor Advisories (8)

Atlassian: CVE-2021-37714: DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server (2023-11-21)
Oracle: Oracle Fusion Middleware Risk Matrix: Portal Core (jsoup), CVE-2021-37714 (2023-10-15)
Oracle: Oracle GoldenGate Risk Matrix: Oracle Stream Analytics (jsoup), CVE-2021-37714 (2022-07-15)
Oracle: Oracle Financial Services Applications Risk Matrix: Infrastructure (jsoup), CVE-2021-37714 (2022-04-15)
Oracle: Oracle Communications Applications Risk Matrix: ISC (jsoup), CVE-2021-37714 (2022-01-15)