org.htmlunit:htmlunit

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.htmlunit:htmlunitpage 1 of 1

CVE-2023-2798HIGHCVSS 7.5EG 7.5✓ Fixed in 2.70.0
2023-05-25
Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. Th…
CVE-2023-49093CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.9.0
2023-12-04
vulnerable: 3.0.0 ... 3.8.0 (9 versions)
HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Check whether org.htmlunit:htmlunit is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.htmlunit:htmlunit CVEs against the assets you own.

Start Free Scan →