PT-2022-18975 · Owasp · Owasp Antisamy

Published 2022-04-21 · Updated 2023-12-07 · CVE-2022-28366

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

HtmlUnit-Neko versions 2.26 and earlier
CyberNeko HTML versions 1.9.22 and earlier
OWASP AntiSamy versions 1.6.6 and earlier

Description

The affected Neko-based HTML parsers allow a denial of service (DoS): a crafted Processing Instruction (PI) in the parsed input causes excessive heap memory consumption, which can exhaust the memory of the process that performs the parsing.

Recommendations

For HtmlUnit-Neko versions 2.26 and earlier, update to version 2.27 to resolve the issue.
For CyberNeko HTML versions 1.9.22 and earlier, consider disabling the affected HTML parser until an alternative solution is available, since 1.9.22 is the final CyberNeko HTML release and no fixed version exists.
For OWASP AntiSamy versions 1.6.6 and earlier, update to version 1.6.6 or later to resolve the issue.

Related Identifiers

CVE-2022-28366
GHSA-G9HH-VVX3-V37V
OPENSUSE-SU-2024:12022-1

Affected Products

Confluence
Debian
Jira
Jira Service Management Server
Owasp Antisamy