{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5529", "ASSIGNER": "vultures@jpcert.or.jp", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "HtmlUnit", "version": { "version_data": [ { "version_value": "prior to 2.37.0" } ] } } ] }, "vendor_name": "HtmlUnit Project" } ] } }, "description": { "description_data": [ { "lang": "eng", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote code execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "refsource": "CONFIRM", "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0" }, { "name": "https://jvn.jp/en/jp/JVN34535327/", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN34535327/" }, { "refsource": "MLIST", "name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E" } ] } }