Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.33/9c84a0db5c8dac8adfd3d9af8b6f671fb5bfe652/htmlunit-2.33.jar
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.18/ec30f76601f7010abbc09cc8ec401cb183916371/htmlunit-2.18.jar
Path to dependency file: /dd-java-agent/instrumentation/play-2.3/play-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.13/1868243ebddae3c1a6b8a8c5beb832be14cc34ed/htmlunit-2.13.jar
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.20/5100a7a7c356d571471c739fbf52cc1a2e9ccf17/htmlunit-2.20.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.20/5100a7a7c356d571471c739fbf52cc1a2e9ccf17/htmlunit-2.20.jar
Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
CVE-2023-26119 - High Severity Vulnerability
htmlunit-2.33.jar
A headless browser intended for use in testing web-based applications.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.33/9c84a0db5c8dac8adfd3d9af8b6f671fb5bfe652/htmlunit-2.33.jar
Dependency Hierarchy: - play-test_2.11-2.7.9.jar (Root Library) - htmlunit-driver-2.33.3.jar - :x: **htmlunit-2.33.jar** (Vulnerable Library)
htmlunit-2.18.jar
A headless browser intended for use in testing web-based applications.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /dd-smoke-tests/play-2.4/play-2.4.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.18/ec30f76601f7010abbc09cc8ec401cb183916371/htmlunit-2.18.jar
Dependency Hierarchy: - play-test_2.11-2.4.11.jar (Root Library) - fluentlenium-core-0.10.9.jar - selenium-java-2.48.2.jar - selenium-htmlunit-driver-2.48.2.jar - :x: **htmlunit-2.18.jar** (Vulnerable Library)
htmlunit-2.13.jar
A headless browser intended for use in testing web-based applications.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /dd-java-agent/instrumentation/play-2.3/play-2.3.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.13/1868243ebddae3c1a6b8a8c5beb832be14cc34ed/htmlunit-2.13.jar
Dependency Hierarchy: - play-test_2.11-2.3.10.jar (Root Library) - fluentlenium-festassert-0.9.2.jar - fluentlenium-core-0.9.2.jar - selenium-java-2.39.0.jar - selenium-htmlunit-driver-2.39.0.jar - :x: **htmlunit-2.13.jar** (Vulnerable Library)
htmlunit-2.20.jar
A headless browser intended for use in testing web-based applications.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /dd-smoke-tests/play-2.5/play-2.5.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.20/5100a7a7c356d571471c739fbf52cc1a2e9ccf17/htmlunit-2.20.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.20/5100a7a7c356d571471c739fbf52cc1a2e9ccf17/htmlunit-2.20.jar
Dependency Hierarchy: - play-test_2.11-2.5.0.jar (Root Library) - :x: **htmlunit-2.20.jar** (Vulnerable Library)
htmlunit-2.27.jar
A headless browser intended for use in testing web-based applications.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /dd-java-agent/instrumentation/play-2.6/play-2.6.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/net.sourceforge.htmlunit/htmlunit/2.27/aea70f853583b0eadcaa6a0429595973036cc745/htmlunit-2.27.jar
Dependency Hierarchy: - play-test_2.11-2.6.0.jar (Root Library) - htmlunit-driver-2.27.jar - :x: **htmlunit-2.27.jar** (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
Publish Date: 2023-04-03
URL: CVE-2023-26119
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-26119
Release Date: 2023-04-03
Fix Resolution: net.sourceforge.htmlunit:htmlunit:3.0.0