CVE-2020-5529
Code Execution vulnerability in htmlunit (Maven)
What is CVE-2020-5529 About?
This vulnerability involves improper initialization of the Rhino engine in HtmlUnit, leading to arbitrary Java code execution via malicious JavaScript. Its impact is severe, allowing full control over the application. Exploitation is relatively easy for an attacker who can inject or control JavaScript code processed by HtmlUnit.
Affected Software
Technical Details
HtmlUnit prior to version 2.37.0 improperly initializes the Rhino JavaScript engine. This flaw allows a malicious JavaScript payload to escape the sandbox and execute arbitrary Java code within the application's context. The issue also affects Android applications, where the Android-specific initialization of the Rhino engine is likewise improper and permits malicious JavaScript to execute arbitrary Java code. The attack vector is specially crafted JavaScript, supplied by the attacker, that leverages the improper engine setup to achieve code execution.
What is the Impact of CVE-2020-5529?
Successful exploitation may allow attackers to execute arbitrary code, gain full control over the affected application, compromise data, and potentially pivot to other systems.
What is the Exploitability of CVE-2020-5529?
Exploitation requires the ability to supply or modify JavaScript code that is processed by the vulnerable HtmlUnit instance. The complexity is low, as it primarily involves crafting malicious JavaScript. No prior authentication is explicitly required, but the attacker needs to be in a position to deliver the JavaScript payload, which could be local or remote depending on how HtmlUnit processes untrusted input. Privilege requirements would be those of the application running HtmlUnit. The risk is high if HtmlUnit is used to process untrusted external content.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-5529?
Available Upgrade Options
- net.sourceforge.htmlunit:htmlunit
  - <2.37.0 → Upgrade to 2.37.0
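To find where the affected artifact enters a build, including as a transitive dependency, the following added example (not from the advisory or the HtmlUnit project) scans `mvn dependency:tree` output for `net.sourceforge.htmlunit:htmlunit` below 2.37.0. The sample tree is constructed, and flagging a qualified 2.37.0 build such as a snapshot is a conservative assumption of this example.

```python
import re

GROUP, ARTIFACT = "net.sourceforge.htmlunit", "htmlunit"
FIXED = (2, 37, 0)  # first fixed release named in the advisory

# Dependency lines look like group:artifact:type[:classifier]:version:scope
COORD_RE = re.compile(r"[\w.\-]+(?::[\w.\-]+){4,5}")

def parse_version(version):
    """Split '2.37.0-SNAPSHOT' into ((2, 37, 0), is_release)."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '2.9' to (2, 9, 0)
    return nums, m.group(2) == ""

def is_vulnerable(version):
    parsed = parse_version(version)
    if parsed is None:
        return True  # unparseable version: flag for manual review
    nums, is_release = parsed
    # Assumption: a qualifier on the fixed number (e.g. 2.37.0-SNAPSHOT)
    # is a pre-release build and is flagged as well.
    return nums < FIXED or (nums == FIXED and not is_release)

def find_vulnerable(tree_text):
    """Return (line_number, version, scope) for each affected htmlunit entry."""
    hits = []
    for n, line in enumerate(tree_text.splitlines(), 1):
        m = COORD_RE.search(line)
        if not m:
            continue  # root project line or non-dependency output
        f = m.group(0).split(":")
        if (f[0], f[1]) == (GROUP, ARTIFACT) and is_vulnerable(f[-2]):
            hits.append((n, f[-2], f[-1]))
    return hits

# Constructed sample, as if concatenated from several modules' trees.
SAMPLE_TREE = """\
[INFO] com.example:crawler:jar:1.0.0
[INFO] +- org.seleniumhq.selenium:htmlunit-driver:jar:2.36.0:compile
[INFO] |  \\- net.sourceforge.htmlunit:htmlunit:jar:2.36.0:compile
[INFO] +- net.sourceforge.htmlunit:htmlunit:jar:2.37.0:test
[INFO] \\- net.sourceforge.htmlunit:htmlunit:jar:2.9:test
"""

if __name__ == "__main__":
    for line_no, version, scope in find_vulnerable(SAMPLE_TREE):
        print(f"line {line_no}: htmlunit {version} ({scope}) is below 2.37.0")
```

Versions are compared numerically, so `2.9` is correctly treated as older than `2.37.0`, which a plain string comparison would get wrong.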
Additional Resources
- https://jvn.jp/en/jp/JVN34535327/
- https://github.com/HtmlUnit/htmlunit
- https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E
- https://jvn.jp/en/jp/JVN34535327
- https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0
- https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html
- https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-5529
- https://osv.dev/vulnerability/GHSA-5mh9-r3rr-9597
What are Similar Vulnerabilities to CVE-2020-5529?
Similar Vulnerabilities: CVE-2019-11043, CVE-2023-49080, CVE-2023-28100, CVE-2022-22965, CVE-2021-44228
