Bug 27772

Summary: htmlunit security issue CVE-2020-5529
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-5529
Whiteboard:
Source RPM: htmlunit-2.23-2.mga7.src CVE: CVE-2020-5529
Status comment:

Description Zombie Ryushu 2020-12-07 02:58:07 CET 
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.
Zombie Ryushu 2020-12-07 02:58:57 CET

CVE: (none) => CVE-2020-5529

Comment 1 David Walser 2020-12-07 03:34:15 CET 
Already reported!

*** This bug has been marked as a duplicate of bug 27167 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE