CVE-2020-5529

CVSS v3.1 8.1 (High)
CVSS v2.0 6.8 (Medium)
EPSS 0.40 % (74th)
Affected Products 4
Advisories 2

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes the Rhino engine improperly, so malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when HtmlUnit is embedded in an Android application, the Android-specific initialization of the Rhino engine is also done improperly, so malicious JavaScript code can execute arbitrary Java code on the application.

Weaknesses
CWE-665
Improper Initialization
CVE Status
PUBLISHED
CNA
JPCERT/CC
Published Date
2020-02-11 12:15:21
(4 years ago)
Updated Date
2023-12-07 17:56:27
(9 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Htmlunit prior 2.37.0 version cpe:2.3:a:htmlunit:htmlunit < 2.37.0

Configuration #2

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm

Configuration #4

    CPE23 From Up To
  Apache Camel cpe:2.3:a:apache:camel:-