PT-2021-7917 · Jsoup+5

Published: 2021-08-18 · Updated: 2025-11-23 · CVE-2021-37714

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

jsoup versions prior to 1.14.2

Description

The issue is related to the parsing of untrusted HTML or XML, which may cause the parser to get stuck, complete more slowly than usual, or throw an unexpected exception, potentially supporting a denial of service attack. If the parser is run on user-supplied input, an attacker may supply content that exploits this issue.

Recommendations

For jsoup versions prior to 1.14.2, upgrade to version 1.14.2 to resolve the issue. As a temporary workaround, consider rate limiting input parsing, limiting the size of inputs based on system resources, and/or implementing thread watchdogs to cap and timeout parse runtimes.
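
One way to combine the three workarounds above (size limit, bounded concurrency, parse timeout) around `Jsoup.parse`, as an added example that is not taken from this advisory or from the jsoup project. The class name, limits and pool size are assumptions, and jsoup is assumed to be on the classpath.

```java
import java.util.concurrent.*;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

public final class GuardedParse {
    // Assumed limits; size them to your own system resources.
    static final int MAX_INPUT_CHARS = 1_000_000;
    static final long PARSE_TIMEOUT_MS = 2_000;
    static final int POOL_SIZE = 4;

    // Fixed pool caps how many parses run at once (a crude rate limit).
    // Daemon threads ensure a stuck parse cannot block JVM shutdown.
    static final ExecutorService POOL = Executors.newFixedThreadPool(POOL_SIZE, r -> {
        Thread t = new Thread(r, "guarded-parse");
        t.setDaemon(true);
        return t;
    });

    static Document parseUntrusted(String html) throws TimeoutException, InterruptedException {
        // 1. Reject oversized input before the parser ever sees it.
        if (html == null || html.length() > MAX_INPUT_CHARS) {
            throw new IllegalArgumentException("input missing or over size limit");
        }
        // 2. Run the parse on a worker so the caller can give up on it.
        Callable<Document> task = () -> Jsoup.parse(html);
        Future<Document> job = POOL.submit(task);
        try {
            // Note: time spent queued behind other parses counts against the timeout.
            return job.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // 3. Watchdog fired. cancel(true) only requests an interrupt: a loop that
            // never checks the flag keeps its worker (and a CPU core) busy.
            job.cancel(true);
            throw e;
        } catch (ExecutionException e) {
            // Unexpected parser exception: treat the input as rejected.
            throw new IllegalArgumentException("unparseable input", e.getCause());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input.
        Document doc = parseUntrusted("<p>hello <b>world</b></p>");
        System.out.println(doc.text());
    }
}
```

The watchdog frees the caller, not the stuck thread: once all pool workers are spinning, every later parse times out, so alert on `TimeoutException` counts and treat the upgrade to 1.14.2 as the actual fix.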

Fix

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALT-PU-2025-14852
ALT-PU-2025-14912
AZL-36945
AZL-7253
BDU:2023-05361
CVE-2021-37714
GHSA-M72M-MHQ2-9P6C
OESA-2021-1335
OPENSUSE-SU-2022_1265-1
OPENSUSE-SU-2024:10882-1
OPENSUSE-SU-2024:10883-1
RHSA-2021:4676
RHSA-2021:4677
RHSA-2021:5149
RHSA-2021:5150
RHSA-2021:5151
RHSA-2025:4226
SUSE-SU-2022:1265-1
SUSE-SU-2022_1265-1

Affected Products

Alt Linux
Astra Linux
Debian
Jira
Suse
Jsoup