Количество 8
Количество 8
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.
CVE-2021-37714
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versi ...
SUSE-SU-2022:1265-1
Security update for jsoup, jsr-305
GHSA-m72m-mhq2-9p6c
Uncaught Exception in jsoup
BDU:2023-05361
Уязвимость Java-библиотеки анализа, извлечения и управления данными в документах HTML jsoup, связанная с недостатками в обработке исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
 | CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
 | CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
 | CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions | CVSS3: 7.5 | 4% Низкий | 4 месяца назад |
| CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versi ... | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
 | SUSE-SU-2022:1265-1 Security update for jsoup, jsr-305 | 4% Низкий | почти 4 года назад | |
| GHSA-m72m-mhq2-9p6c Uncaught Exception in jsoup | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
 | BDU:2023-05361 Уязвимость Java-библиотеки анализа, извлечения и управления данными в документах HTML jsoup, связанная с недостатками в обработке исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 4% Низкий | больше 4 лет назад |
Уязвимостей на страницу