CVE-2022-29546 - High Severity Vulnerability
Vulnerable Libraries - neko-htmlunit-2.27.jar, neko-htmlunit-2.25.jar
neko-htmlunit-2.27.jar
HtmlUnit adaptation of NekoHtml. It has the same functionality but exposing HTMLElements to be overridden.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /testsuite/integration-arquillian/tests/other/sssd/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sourceforge/htmlunit/neko-htmlunit/2.27/neko-htmlunit-2.27.jar
Dependency Hierarchy:
- graphene-webdriver-2.3.2.pom (Root Library)
  - arquillian-drone-webdriver-depchain-2.5.2.pom
    - htmlunit-driver-2.27.jar
      - htmlunit-2.27.jar
        - :x: **neko-htmlunit-2.27.jar** (Vulnerable Library)
neko-htmlunit-2.25.jar
HtmlUnit adaptation of NekoHtml. It has the same functionality but exposing HTMLElements to be overridden.
Library home page: http://htmlunit.sourceforge.net
Path to dependency file: /testsuite/model/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/net/sourceforge/htmlunit/neko-htmlunit/2.25/neko-htmlunit-2.25.jar
Dependency Hierarchy:
- integration-arquillian-tests-base-13.0.0-SNAPSHOT.jar (Root Library)
  - graphene-webdriver-2.3.2.pom
    - arquillian-drone-webdriver-depchain-2.4.3.pom
      - htmlunit-driver-2.26.jar
        - htmlunit-2.26.jar
          - :x: **neko-htmlunit-2.25.jar** (Vulnerable Library)
Found in HEAD commit: 9686933e579cc74ebc1592f893a47c601bcf4403
Found in base branch: master
Vulnerability Details
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
Publish Date: 2022-04-25
URL: CVE-2022-29546
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29546
Release Date: 2022-04-25
Fix Resolution: neko-htmlunit - 2.61.0