CVE-2023-2798
Published 2023-05-25
Priority: P338, high; CVSS 3.1 score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.91% (55.4th percentile)
Those using HtmlUnit to browse untrusted webpages may be vulnerable to denial of service (DoS) attacks. If HtmlUnit is running on user-supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack. This issue affects htmlunit before 2.70.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| htmlunit | htmlunit | < 2.70.0 | 2.70.0 |
CVSS provenance
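| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |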
GHSA
Unrestricted recursion in htmlunit
ghsa·2023-05-25
CVE-2023-2798 [HIGH] CWE-400 Unrestricted recursion in htmlunit
OSV
Unrestricted recursion in htmlunit
osv·2023-05-25
CVE-2023-2798 [HIGH] Unrestricted recursion in htmlunit
OSV
CVE-2023-2798: Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS)
osv·2023-05-25·CVSS 7.5
CVE-2023-2798 [HIGH] CVE-2023-2798: Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS)
Red Hat
htmlUnit: Stack overflow crash causes Denial of Service (DoS)
vendor_redhat·2023-05-25·CVSS 7.5
CVE-2023-2798 [HIGH] CWE-400 htmlUnit: Stack overflow crash causes Denial of Service (DoS)
A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS).
Package: org.jboss.windup-windup-parent (Migration Toolkit for Applications 6) - Affected
Package: org.jboss.windup-windup-parent (Migration Toolkit for Runtimes) - Not affected
Package: htmlUnit (Red Hat Data Grid 8) -
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-25