{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T10:06:57.744","vulnerabilities":[{"cve":{"id":"CVE-2020-5529","sourceIdentifier":"vultures@jpcert.or.jp","published":"2020-02-11T12:15:21.210","lastModified":"2026-06-17T03:21:32.883","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."},{"lang":"es","value":"HtmlUnit anterior a 2.37.0, contiene vulnerabilidades de ejecución de código. HtmlUnit inicializa el motor Rhino inapropiadamente, por lo tanto, un código JavScript malicioso puede ejecutar código Java arbitrario en la aplicación. Adicionalmente, cuando se inserta en la aplicación de Android, la inicialización del motor Rhino específica de Android se lleva a cabo de manera inapropiada, por lo tanto, un código JavaScript malicioso puede ejecutar código Java arbitrario sobre la aplicación."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"HtmlUnit Project","product":"HtmlUnit","versions":[{"version":"prior to 2.37.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-15T17:16:12.338645Z","id":"CVE-2020-5529","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-665"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*","versionEndExcluding":"2.37.0","matchCriteriaId":"BAC2C61D-D942-4FFE-A5DF-2AC6988CA665"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*","matchCriteriaId":"D7F3BF7D-C547-4FBE-908C-BCB5D83BEDA9"}]}]}],"references":[{"url":"https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0","source":"vultures@jpcert.or.jp","tags":["Release Notes","Third Party Advisory"]},{"url":"https://jvn.jp/en/jp/JVN34535327/","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E","source":"vultures@jpcert.or.jp"},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html","source":"vultures@jpcert.or.jp","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4584-1/","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://jvn.jp/en/jp/JVN34535327/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4584-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}