{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49093", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.429Z", "datePublished": "2023-12-04T04:47:27.145Z", "dateUpdated": "2024-08-02T21:46:28.698Z"}, "containers": {"cna": {"title": "HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"}, {"name": "https://www.htmlunit.org/changes-report.html#a3.9.0", "tags": ["x_refsource_MISC"], "url": "https://www.htmlunit.org/changes-report.html#a3.9.0"}], "affected": [{"vendor": "HtmlUnit", "product": "htmlunit", "versions": [{"version": "< 3.9.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-04T04:47:27.145Z"}, "descriptions": [{"lang": "en", "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"}], "source": {"advisory": "GHSA-37vq-hr2f-g7h7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:28.698Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"}, {"name": "https://www.htmlunit.org/changes-report.html#a3.9.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htmlunit.org/changes-report.html#a3.9.0"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "matchCriteriaId": "45B7FEC9-75EF-47FE-8A49-5FBA5E54A823", "versionEndExcluding": "3.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0"}, {"lang": "es", "value": "HtmlUnit es un navegador sin GUI para programas Java. HtmlUnit es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de XSTL, al navegar por la p\u00e1gina web del atacante. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.9.0."}], "id": "CVE-2023-49093", "lastModified": "2023-12-11T19:33:53.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-04T05:15:07.430", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://www.htmlunit.org/changes-report.html#a3.9.0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "htmlunit: Feature for secure processing disabled in the XSLT processor", "id": "2252942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252942"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-94", "details": ["HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker\u2019s webpage. This vulnerability has been patched in version 3.9.0", "A flaw was found in HTMLUnit. Fetching external resources may be possible for XSLT processors with the Feature for Secure Processing disabled (FSP), allowing code injection and arbitrary code execution. HTMLUnit is vulnerable to this type of attack by default."], "name": "CVE-2023-49093", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Will not fix", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1", "fix_state": "Will not fix", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Migration Toolkit for Runtimes"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit/htmlunit", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "htmlUnit", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "impact": "low", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "impact": "low", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "net.sourceforge.htmlunit-htmlunit-jar", "product_name": "streams for Apache Kafka"}], "public_date": "2023-12-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49093\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49093\nhttps://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7"], "threat_severity": "Important", "upstream_fix": "htmlunit 3.9.0"}