Improper Initialization

CVE-2020-5529

High

8.1/10

Summary

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-665 - Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

References

Release Note
Advisory

Advisory Timeline

Published Feb 11, 2020

Improper Initialization

CVE-2020-5529

Summary

CWE-665 - Improper Initialization

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS