GHSA-m72m-mhq2-9p6c

Suggest an improvement
Source
https://github.com/advisories/GHSA-m72m-mhq2-9p6c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-m72m-mhq2-9p6c/GHSA-m72m-mhq2-9p6c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m72m-mhq2-9p6c
Aliases
Published
2021-08-23T19:42:38Z
Modified
2024-02-19T05:33:24.754681Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Uncaught Exception in jsoup
Details

Impact

What kind of vulnerability is it? Who is impacted? Those using jsoup to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.

Patches

Has the problem been patched? What versions should users upgrade to? Users should upgrade to jsoup 1.14.2

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading? Users may rate limit input parsing. Users should limit the size of inputs based on system resources. Users should implement thread watchdogs to cap and timeout parse runtimes.

Database specific
{
    "nvd_published_at": "2021-08-18T15:15:00Z",
    "cwe_ids": [
        "CWE-248",
        "CWE-835"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-23T17:20:30Z"
}
References

Affected packages

Maven / org.jsoup:jsoup

Package

Name
org.jsoup:jsoup
View open source insights on deps.dev
Purl
pkg:maven/org.jsoup/jsoup

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.2

Affected versions

0.*

0.2.1b
0.2.2
0.3.1

1.*

1.1.1
1.2.1
1.2.2
1.2.3
1.3.1
1.3.2
1.3.3
1.4.1
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.6.3
1.7.1
1.7.2
1.7.3
1.8.1
1.8.2
1.8.3
1.9.1
1.9.2
1.10.1
1.10.2
1.10.3
1.11.1
1.11.2
1.11.3
1.12.1
1.12.2
1.13.1
1.14.1