CVE-2020-5529

Priority
Description
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit
initializes Rhino engine improperly, hence a malicious JavScript code can
execute arbitrary Java code on the application. Moreover, when embedded in
Android application, Android-specific initialization of Rhino engine is
done in an improper way, hence a malicious JavaScript code can execute
arbitrary Java code on the application.
Ubuntu-Description
It was discovered that HtmlUnit incorrectly initialized Rhino engine. An
Attacker could possibly use this issue to execute arbitrary Java code.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.8-1ubuntu2.1)
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-10-20 18:15:47 UTC (commit c783a1a1043ef2c4d79f24ef876f701b74c026d2)