HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2020-02-11T08:35:12
Updated: 2024-08-04T08:30:24.598Z
Reserved: 2020-01-06T00:00:00
Link: CVE-2020-5529
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-02-11T12:15:21.210
Modified: 2023-12-07T17:56:27.147
Link: CVE-2020-5529
Redhat