CVE-2022-28366

Summary

| CVE | CVE-2022-28366 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-21 23:15:00 UTC |
| Updated | 2023-12-07 17:56:00 UTC |
| Description | Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839. |

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Antisamy Project | Antisamy | All | All | All | All |
| Application | Cyberneko Html Project | Cyberneko Html | All | All | All | All |
| Application | Htmlunit | Htmlunit | All | All | All | All |
| Application | Htmlunit Project | Htmlunit | All | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| Release Release version 1.6.6 · nahsra/antisamy · GitHub | MISC | github.com | |
| Maven Central Repository Search | MISC | search.maven.org | |
| HtmlUnit - Browse /htmlunit/2.27 at SourceForge.net | MISC | sourceforge.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

- 379158 Atlassian Jira Service Management Data Center and Server Third-Party Dependency Vulnerability (JSDSERVER-14921)
- 730976 Atlassian Confluence Data Center and Server Denial of Service (DoS) Vulnerability (CONFSERVER-93169)
- 731318 Atlassian Jira Software Data Center and Server Denial of Service (DoS) Vulnerability (JSWSERVER-25843)