jsoup is a Java library for working with HTML. Those using jsoup versions before 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial-of-service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate-limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and time out parse runtimes.
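The three workarounds above (input size cap, rate limiting of parse calls, and a watchdog that times out a parse) combined in one wrapper, as an added example in Java that is not part of the advisory or of jsoup itself; the class name, method name and the three budget constants are assumptions to tune per host.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

// Hypothetical wrapper: caps input size, caps concurrent parses, and aborts slow parses.
public final class BoundedJsoupParser {
    private static final int MAX_INPUT_CHARS = 512 * 1024;   // assumed budget; tune to host memory
    private static final long PARSE_TIMEOUT_MS = 2_000;      // assumed budget; tune to host CPU
    private static final int MAX_CONCURRENT_PARSES = 4;      // assumed budget; bounds runaway threads
    private static final Semaphore SLOTS = new Semaphore(MAX_CONCURRENT_PARSES);
    // Daemon worker threads: a parse that ignores interruption must not pin the JVM at shutdown.
    private static final ExecutorService POOL = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "jsoup-parse");
        t.setDaemon(true);
        return t;
    });

    public static Document parseUntrusted(String html, String baseUri) throws TimeoutException {
        if (html == null || html.length() > MAX_INPUT_CHARS) {
            throw new IllegalArgumentException("input missing or larger than " + MAX_INPUT_CHARS + " chars");
        }
        // Admission control: refuse instead of queueing, so a burst of slow inputs becomes fast rejections.
        if (!SLOTS.tryAcquire()) {
            throw new IllegalStateException("parser busy, try again later");
        }
        Future<Document> f = POOL.submit(() -> {
            try { return Jsoup.parse(html, baseUri); } finally { SLOTS.release(); }
        });
        try {
            return f.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // A CPU-bound parse loop rarely polls the interrupt flag; the held slot is what bounds CPU use.
            f.cancel(true);
            throw e;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            f.cancel(true);
            throw new IllegalStateException("interrupted while parsing", e);
        } catch (ExecutionException e) {
            // Unexpected parser exception: report a rejected input rather than leaking a stack trace.
            throw new IllegalArgumentException("parse failed", e.getCause());
        }
    }
}
```

For XML input, submit `Jsoup.parse(html, baseUri, Parser.xmlParser())` instead; the size, slot and timeout gates stay the same.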
| Vulnerable Product |
|---|
| jsoup jsoup |
| quarkus quarkus |
| oracle banking trade finance 14.5 |
| oracle banking treasury management 14.5 |
| oracle business process management suite 12.2.1.3.0 |
| oracle business process management suite 12.2.1.4.0 |
| oracle flexcube universal banking |
| oracle flexcube universal banking 14.5 |
| oracle hospitality token proxy service 19.2 |
| oracle peoplesoft enterprise peopletools 8.58 |
| oracle peoplesoft enterprise peopletools 8.59 |
| oracle primavera unifier 20.12 |
| oracle primavera unifier 21.12 |
| oracle retail customer management and segmentation foundation |
| oracle webcenter portal 12.2.1.3.0 |
| oracle webcenter portal 12.2.1.4.0 |
| oracle communications messaging server 8.1 |
| netapp management services for element software and netapp hci - |
| oracle financial services crime and compliance management studio 8.0.8.2.0 |
| oracle financial services crime and compliance management studio 8.0.8.3.0 |
| oracle middleware common libraries and tools 12.2.1.3.0 |
| oracle middleware common libraries and tools 12.2.1.4.0 |
| oracle stream analytics |
| oracle stream analytics 19c |