
CVE-2022-28366

Published: 21/04/2022 Updated: 07/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko up to and including 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML up to and including 1.9.22 (also affecting OWASP AntiSamy prior to 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.

Vulnerable Products

cyberneko html project / cyberneko html

htmlunit / htmlunit

antisamy project / antisamy

Vendor Advisories

Debian Bug report logs - #1010154 libowasp-antisamy-java: CVE-2022-28366 + CVE-2022-28367. Package: src:libowasp-antisamy-java; Maintainer for src:libowasp-antisamy-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Neil Williams <codehelp@debian.org>; Date: Mon, 25 Apr 2022 12: ...

Github Repositories

HtmlUnit adaptation of NekoHtml

HtmlUnit - NekoHtml Parser. This is the code repository of the HTML parser used by HtmlUnit. HtmlUnit has been using the CyberNeko HTML parser (nekohtml.sourceforge.net/) for a long time. But since the development was discontinued around 2014, we started our own fork, which now has many improvements. As of version 2.68.0, neko-htmlunit also uses its own fork of Xerces (https: