Description
OutOfMemory Exception caused by a specially crafted processing instruction in NekoHtml Parser
Impact
NekoHtml Parser versions 2.60.0 and below suffer from a denial of service vulnerability. Specially crafted input that exercises the parsing of processing instructions leads to heap memory consumption. Please update to version 2.61.0.
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/HtmlUnit/htmlunit-neko
- Email us at [rbri at rbri.de]
Packages
net.sourceforge.htmlunit:neko-htmlunit
Affected versions: < 2.61.0
Fixed version: 2.61.0
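To check whether a Maven build still declares an affected release, the following added example (not part of the advisory or of the HtmlUnit project) scans a pom.xml for the coordinates above and compares the declared version with 2.61.0. The sample POM and the `neko.version` property name are constructed for illustration, and qualifiers such as `-SNAPSHOT` are ignored by the comparison.

```python
import re
import xml.etree.ElementTree as ET

GROUP, ARTIFACT = "net.sourceforge.htmlunit", "neko-htmlunit"
FIXED = (2, 61, 0)  # first fixed release named in the advisory

# Constructed sample pom.xml (not from a real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><neko.version>2.60.0</neko.version></properties>
  <dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>neko-htmlunit</artifactId>
      <version>${neko.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Leading numeric part as a tuple padded to 3 fields, or None."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit_pom(pom_xml):
    """Return [(declared_version, status)] for each neko-htmlunit dependency."""
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if local(el.tag) == "properties":
            props.update({local(p.tag): (p.text or "").strip() for p in el})
    findings = []
    for dep in root.iter():
        fields = {local(c.tag): (c.text or "").strip() for c in dep}
        if local(dep.tag) != "dependency" or \
                (fields.get("groupId"), fields.get("artifactId")) != (GROUP, ARTIFACT):
            continue
        # Substitute ${property} references defined in this POM; leave others as-is.
        raw = re.sub(r"\$\{([^}]+)\}",
                     lambda m: props.get(m.group(1), m.group(0)), fields.get("version", ""))
        ver = parse_version(raw)  # unresolved ${...} or missing version -> None
        status = "unknown" if ver is None else "affected" if ver < FIXED else "fixed"
        findings.append((raw or None, status))
    return findings
```

A status of "unknown" means the version is managed outside this file (a parent POM or BOM), so the effective version has to be confirmed from the resolved dependency tree.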
Related vulnerabilities
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
A vulnerability in the Centralized Thirdparty Jars (NekoHTML) component of the Oracle WebLogic Server application server and the Oracle Fusion Middleware software platform that allows an attacker to carry out a denial-of-service attack