QID 980408
QID 980408: Java (maven) Security Update for org.jsoup:jsoup (GHSA-m72m-mhq2-9p6c)
Security update has been released for org.jsoup:jsoup to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
_What kind of vulnerability is it? Who is impacted?_
Those using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.
Solution
_Has the problem been patched? What versions should users upgrade to?_
Users should upgrade to jsoup 1.14.2Workaround:
_Is there a way for users to fix or remediate the vulnerability without upgrading?_
Users may rate limit input parsing. Users should limit the size of inputs based on system resources. Users should implement thread watchdogs to cap and timeout parse runtimes.
Users should upgrade to jsoup 1.14.2Workaround:
_Is there a way for users to fix or remediate the vulnerability without upgrading?_
Users may rate limit input parsing. Users should limit the size of inputs based on system resources. Users should implement thread watchdogs to cap and timeout parse runtimes.
Vendor References
- GHSA-m72m-mhq2-9p6c -
github.com/advisories/GHSA-m72m-mhq2-9p6c
CVEs related to QID 980408
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-m72m-mhq2-9p6c | org.jsoup:jsoup |
github.com/advisories/GHSA-m72m-mhq2-9p6c |