CVE-2020-5529
Published: Feb 11, 2020
Modified: Oct 15, 2024
PUBLISHED
Description
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
| Vendor | Product | Versions |
|---|---|---|
| HtmlUnit Project | HtmlUnit | affected prior to 2.37.0 |
References
https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0
x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN34535327/
third-party-advisory
x_refsource_JVN
[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update
mailing-list
x_refsource_MLIST
USN-4584-1
vendor-advisory
x_refsource_UBUNTU