2020-01-06 15:01:45 +00:00
{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
"ID" : "CVE-2020-5529" ,
2020-02-11 17:04:55 +09:00
"ASSIGNER" : "vultures@jpcert.or.jp" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HtmlUnit" ,
"version" : {
"version_data" : [
{
"version_value" : "prior to 2.37.0"
}
]
}
}
]
} ,
"vendor_name" : "HtmlUnit Project"
}
]
}
2020-01-06 15:01:45 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2020-02-11 17:04:55 +09:00
"value" : "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Remote code execution"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2020-02-11 17:30:50 +09:00
"name" : "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0" ,
2020-02-11 17:04:55 +09:00
"refsource" : "CONFIRM" ,
"url" : "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"
} ,
{
2020-02-11 17:30:50 +09:00
"name" : "https://jvn.jp/en/jp/JVN34535327/" ,
2020-02-11 17:04:55 +09:00
"refsource" : "JVN" ,
"url" : "https://jvn.jp/en/jp/JVN34535327/"
2020-05-20 13:01:27 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529" ,
"url" : "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E"
2020-01-06 15:01:45 +00:00
}
]
}
2020-05-20 13:01:27 +00:00
}
