CVE-2023-49093

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7	Exploit Vendor Advisory
https://www.htmlunit.org/changes-report.html#a3.9.0	Release Notes
https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7	Exploit Vendor Advisory
https://www.htmlunit.org/changes-report.html#a3.9.0	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-04 05:15

Updated : 2024-11-21 08:32

NVD link : CVE-2023-49093

Mitre link : CVE-2023-49093

CVE.ORG link : CVE-2023-49093

JSON object : View

Products Affected

htmlunit

htmlunit

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

NVD-CWE-noinfo

{"id": "CVE-2023-49093", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-04T05:15:07.430", "references": [{"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.htmlunit.org/changes-report.html#a3.9.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.htmlunit.org/changes-report.html#a3.9.0", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"}, {"lang": "es", "value": "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de XSTL, al navegar por la p\u00e1gina web del atacante. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.9.0."}], "lastModified": "2024-11-21T08:32:48.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45B7FEC9-75EF-47FE-8A49-5FBA5E54A823", "versionEndExcluding": "3.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}