Question about htmlunit CVEs and neko-htmlunit and CVE-2023-49093

[wojteo]

Hi, is neko-htmlunit affected by CVE-2023-49093?

I never know if CVEs for htmlunit applies to neko or not. Should I assume that they always do? Is there a reason why CPEs do not point to neko?

[rbri]

@wojteo sorry for the confusion and maybe all the missing details in the HtmlUnit documentation.

1. neko is not effected by CVE-2023-49093
2. i try to document the neko related CVE's in the neko readme (https://github.com/HtmlUnit/htmlunit-neko)
3. CVE-2023-49093 was fixed with https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab

Hope that helps

[wojteo]

Thank you :)