CVE-2023-2798

Опубликовано: 25 мая 2023

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.

A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS).

Затронутые пакеты

Платформа	Пакет	Состояние
Migration Toolkit for Applications 6	org.jboss.windup-windup-parent	Affected
Migration Toolkit for Runtimes	org.jboss.windup-windup-parent	Not affected
Red Hat Data Grid 8	htmlUnit	Not affected
Red Hat Decision Manager 7	htmlUnit	Out of support scope
Red Hat Fuse 7	htmlUnit	Out of support scope
Red Hat Integration Camel K 1	htmlUnit	Not affected
Red Hat Integration Camel Quarkus 2	htmlUnit	Not affected
Red Hat JBoss Data Grid 7	htmlUnit	Out of support scope
Red Hat JBoss Enterprise Application Platform 6	htmlUnit	Out of support scope
Red Hat JBoss Enterprise Application Platform 7	htmlUnit	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2210366htmlUnit: Stack overflow crash causes Denial of Service (DoS)

EPSS

Процентиль: 22%

0.00073

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-2798

CVSS3: 7.5

ubuntu

больше 2 лет назад

CVE-2023-2798

CVSS3: 7.5

nvd

больше 2 лет назад

CVE-2023-2798

CVSS3: 7.5

debian

больше 2 лет назад

Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...

GHSA-rc44-5cmh-879m

CVSS3: 7.5

github

больше 2 лет назад

Unrestricted recursion in htmlunit

EPSS

Процентиль: 22%

0.00073

Низкий

7.5 High

CVSS3