Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. https://github.com/HtmlUnit/htmlunit/commit/940dc7fd https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54613
Created rstudio tracking bugs for this issue: Affects: fedora-all [bug 2210640] Created rubygem-nokogiri tracking bugs for this issue: Affects: fedora-all [bug 2210642]
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:3814 https://access.redhat.com/errata/RHSA-2023:3814
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-2798
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627