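Vulnerability title
Crafted input may cause jsoup's HTML and XML parsers to get stuck, time out, or throw unchecked exceptions.
Vulnerability description
Crafted input may cause the jsoup HTML and XML parsers to get stuck, time out, or throw unchecked exceptions
CVSS information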
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
N/A
Vulnerability title
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
Vulnerability description
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DoS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial-of-service attack. The issue is patched in version 1.14.2. There are a few available workarounds: users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and time out parse runtimes.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
Loop with unreachable exit condition (infinite loop)
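The workarounds named in the description above (input size limit, bounded parse concurrency, watchdog timeout) combined in one wrapper. This is an added example, not code from the jsoup project or the advisory; the class name `GuardedJsoupParser`, the exception type and the limit values are assumptions.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import java.util.concurrent.*;

public class GuardedJsoupParser {
    // Assumed limits; size them to system resources and expected documents.
    static final int MAX_INPUT_CHARS = 1_000_000;
    static final long PARSE_TIMEOUT_MS = 2_000;

    // Fixed pool caps concurrent parses. Daemon threads, so a parse that
    // never returns cannot block JVM shutdown.
    private static final ExecutorService POOL = Executors.newFixedThreadPool(4, r -> {
        Thread t = new Thread(r, "jsoup-parse");
        t.setDaemon(true);
        return t;
    });

    static class ParseRejectedException extends Exception {
        ParseRejectedException(String msg) { super(msg); }
    }

    static Document parseUntrusted(String html) throws ParseRejectedException {
        if (html == null || html.length() > MAX_INPUT_CHARS) {
            throw new ParseRejectedException("input missing or over size limit");
        }
        Future<Document> task = POOL.submit(() -> Jsoup.parse(html));
        try {
            // The timeout also covers time spent queued behind other parses.
            return task.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // cancel(true) only sets the interrupt flag. A CPU-bound loop that
            // never checks it keeps its pool thread busy, so the timeout
            // protects the caller but does not reclaim the worker.
            task.cancel(true);
            throw new ParseRejectedException("parse exceeded " + PARSE_TIMEOUT_MS + " ms");
        } catch (ExecutionException e) {
            // Unchecked exceptions and errors thrown by the parser arrive here.
            throw new ParseRejectedException("parser failed: " + e.getCause());
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            task.cancel(true);
            throw new ParseRejectedException("interrupted while waiting for parse");
        }
    }

    public static void main(String[] args) throws Exception {
        String sample = "<p>constructed sample input</p>"; // constructed input
        System.out.println(parseUntrusted(sample).body().text());
    }
}
```

Because a stuck parse can hold a pool thread after the timeout, monitor pool saturation and treat this wrapper as a stopgap until the dependency is at 1.14.2 or later.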
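Vulnerability title
Github jsoup security vulnerability
Vulnerability description
Github jsoup is a Java library for working with real-world HTML. Github jsoup versions prior to 1.14.2 contain a security vulnerability that can lead to a denial of service in jsoup.
CVSS information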
N/A
Vulnerability category
Other