mend-bolt-for-github (bot) changed the title from "CVE-2022-29546 (Medium) detected in neko-htmlunit-2.52.0.jar" to "CVE-2022-29546 (High) detected in neko-htmlunit-2.52.0.jar" on Jul 14, 2022
CVE-2022-29546 - High Severity Vulnerability
Vulnerable Library - neko-htmlunit-2.52.0.jar
HtmlUnit adaptation of NekoHtml. It has the same functionality but exposes HTMLElements to be overridden.
Library home page: http://www.GargoyleSoftware.com/
Path to dependency file: /pom.xml
Path to vulnerable library: /itory/net/sourceforge/htmlunit/neko-htmlunit/2.52.0/neko-htmlunit-2.52.0.jar
Dependency Hierarchy:
Found in HEAD commit: cdebd3945d2c6fad27e1516bdfded92925ff0d90
Found in base branch: main
Vulnerability Details
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
Publish Date: 2022-04-25
URL: CVE-2022-29546
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-04-25
Fix Resolution: 2.61.0