{"containers": {"cna": {"affected": [{"product": "HtmlUnit", "vendor": "HtmlUnit Project", "versions": [{"status": "affected", "version": "prior to 2.37.0"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T23:06:14", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"name": "USN-4584-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4584-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HtmlUnit", "version": {"version_data": [{"version_value": "prior to 2.37.0"}]}}]}, "vendor_name": "HtmlUnit Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "refsource": "CONFIRM", "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"name": "https://jvn.jp/en/jp/JVN34535327/", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E"}, {"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"name": "USN-4584-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4584-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"name": "USN-4584-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4584-1/"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:16:12.338645Z", "id": "CVE-2020-5529", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:35:29.255Z"}}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5529", "datePublished": "2020-02-11T08:35:12", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-10-15T18:35:29.255Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN34535327/", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", "name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", "name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4584-1/", "name": "USN-4584-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:30:24.598Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-5529", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T17:16:12.338645Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:11:19.425Z"}}], "cna": {"affected": [{"vendor": "HtmlUnit Project", "product": "HtmlUnit", "versions": [{"status": "affected", "version": "prior to 2.37.0"}]}], "references": [{"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://jvn.jp/en/jp/JVN34535327/", "tags": ["third-party-advisory", "x_refsource_JVN"]}, {"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E", "name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", "name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://usn.ubuntu.com/4584-1/", "name": "USN-4584-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}], "descriptions": [{"lang": "en", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Remote code execution"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2020-10-20T23:06:14"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "prior to 2.37.0"}]}, "product_name": "HtmlUnit"}]}, "vendor_name": "HtmlUnit Project"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "refsource": "CONFIRM"}, {"url": "https://jvn.jp/en/jp/JVN34535327/", "name": "https://jvn.jp/en/jp/JVN34535327/", "refsource": "JVN"}, {"url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E", "name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html", "name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "refsource": "MLIST"}, {"url": "https://usn.ubuntu.com/4584-1/", "name": "USN-4584-1", "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-5529", "STATE": "PUBLIC", "ASSIGNER": "vultures@jpcert.or.jp"}}}}, "cveMetadata": {"cveId": "CVE-2020-5529", "state": "PUBLISHED", "dateUpdated": "2024-10-15T18:35:29.255Z", "dateReserved": "2020-01-06T00:00:00", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2020-02-11T08:35:12", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAC2C61D-D942-4FFE-A5DF-2AC6988CA665", "versionEndExcluding": "2.37.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7F3BF7D-C547-4FBE-908C-BCB5D83BEDA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}, {"lang": "es", "value": "HtmlUnit anterior a 2.37.0, contiene vulnerabilidades de ejecuci\u00f3n de c\u00f3digo. HtmlUnit inicializa el motor Rhino inapropiadamente, por lo tanto, un c\u00f3digo JavScript malicioso puede ejecutar c\u00f3digo Java arbitrario en la aplicaci\u00f3n. Adicionalmente, cuando se inserta en la aplicaci\u00f3n de Android, la inicializaci\u00f3n del motor Rhino espec\u00edfica de Android se lleva a cabo de manera inapropiada, por lo tanto, un c\u00f3digo JavaScript malicioso puede ejecutar c\u00f3digo Java arbitrario sobre la aplicaci\u00f3n."}], "id": "CVE-2020-5529", "lastModified": "2024-11-21T05:34:13.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-02-11T12:15:21.210", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"source": "vultures@jpcert.or.jp", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"source": "vultures@jpcert.or.jp", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4584-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4584-1/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "htmlunit: malicious JavaScript code leads to arbitrary java code execution", "id": "1803072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803072"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-665->CWE-94", "details": ["HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."], "name": "CVE-2020-5529", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "htmlunit", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2020-02-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-5529\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5529"], "threat_severity": "Moderate"}