DEBIAN-CVE-2022-28366

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2022-28366
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-28366.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-28366
Upstream
Published
2022-04-21T23:15:10.383Z
Modified
2025-11-20T10:15:51.437919Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.

References

Affected packages

Debian:11 / libowasp-antisamy-java

Package

Name
libowasp-antisamy-java
Purl
pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1
1.7.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-28366.json"

Debian:12 / libowasp-antisamy-java

Package

Name
libowasp-antisamy-java
Purl
pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.3+dfsg-1.1
1.7.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-28366.json"

Debian:13 / libowasp-antisamy-java

Package

Name
libowasp-antisamy-java
Purl
pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-28366.json"

Debian:14 / libowasp-antisamy-java

Package

Name
libowasp-antisamy-java
Purl
pkg:deb/debian/libowasp-antisamy-java?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.4-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-28366.json"