CVE-2020-5529
Public Exploits: 0
Exploited in Wild: -
Descriptions
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, hence malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in an Android application, the Android-specific initialization of the Rhino engine is done in an improper way, hence malicious JavaScript code can execute arbitrary Java code on the application.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2020-01-06 CVE Reserved
- 2020-02-11 CVE Published
- 2024-10-15 CVE Updated
- 2024-10-16 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-665: Improper Initialization
CAPEC
References (5)
URL | Tag | Date |
---|---|---|
https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0 | Release Notes | |
https://jvn.jp/en/jp/JVN34535327 | Third Party Advisory | |
https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E | Mailing List | |
https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html | Mailing List | |
https://usn.ubuntu.com/4584-1 | Vendor Advisory | 2023-12-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Htmlunit | Htmlunit | < 2.37.0 | - | Affected |
Debian | Debian Linux | 9.0 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | esm | Affected |
Apache | Camel | - | - | Affected |