PT-2022-7028 · Oracle+2 · Oracle Fusion Middleware+5
Rbri · Published 2022-04-25 · Updated 2023-12-07 · CVE-2022-29546
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
- HtmlUnit NekoHtml Parser versions prior to 2.61.0
- Oracle WebLogic Server (affected versions not specified)
- Oracle Fusion Middleware (affected versions not specified)
- Jira Service Management (affected versions not specified)
- Jira Work Management (affected versions not specified)
- Jira Software (affected versions not specified)
Description
The issue is caused by insufficient input validation in the NekoHTML component. Crafted input associated with the parsing of Processing Instruction (PI) data causes the parser to consume heap memory without bound, so a remote, unauthenticated attacker who can get the parser to process an attacker-supplied document can exhaust the JVM heap and cause a denial of service (DoS). The impact is limited to availability (C:N/I:N/A:C); no code execution or data disclosure is involved.
Recommendations
- For HtmlUnit NekoHtml Parser versions prior to 2.61.0, update to version 2.61.0.
- For Oracle WebLogic Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
- For Oracle Fusion Middleware, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
- For Jira Service Management, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
- For Jira Work Management, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
- For Jira Software, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Where no vendor fix is available, check the version of the NekoHtml parser actually bundled with the deployed product and limit which untrusted sources can feed HTML to it until a fixed build is shipped.
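The remediation above reduces to one question for an application team: is a NekoHtml build older than 2.61.0 declared anywhere in the project? The script below is an added example, not code from the advisory or from the HtmlUnit project. It scans a Maven POM for the parser's coordinates and flags versions below the fixed release, resolving `${property}` placeholders from the POM's own `<properties>`. The coordinates `net.sourceforge.htmlunit:neko-htmlunit` are assumed to be the ones used by the 2.x line; the embedded POM is constructed for the example.

```python
"""Flag Maven POM dependencies on HtmlUnit NekoHtml Parser affected by CVE-2022-29546.

Added example; not part of the advisory or of the HtmlUnit project.
"""
import re
import xml.etree.ElementTree as ET

# First fixed release according to the advisory.
FIXED_VERSION = (2, 61, 0)
# Assumed Maven coordinates of the 2.x NekoHtml parser line.
AFFECTED_COORDS = {("net.sourceforge.htmlunit", "neko-htmlunit")}

# Constructed sample POM: one vulnerable parser version pulled in via a property,
# plus an unrelated artifact that must not be reported.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>app</artifactId>
  <version>1.0</version>
  <properties>
    <neko.version>2.60.0</neko.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>neko-htmlunit</artifactId>
      <version>${neko.version}</version>
    </dependency>
    <dependency>
      <groupId>net.sourceforge.htmlunit</groupId>
      <artifactId>htmlunit</artifactId>
      <version>2.60.0</version>
    </dependency>
  </dependencies>
</project>"""


def parse_version(version):
    """'2.60.0' -> (2, 60, 0); missing components default to 0, qualifiers are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_vulnerable(version):
    """True when the declared parser version is below the fixed release."""
    return parse_version(version) < FIXED_VERSION


def _local(tag):
    # Strip the POM XML namespace from an element tag.
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def _properties(root):
    # Collect <properties> entries plus project.version for ${...} resolution.
    props = {}
    for elem in root.iter():
        if _local(elem.tag) == "properties":
            for child in elem:
                props[_local(child.tag)] = (child.text or "").strip()
    project_version = _child_text(root, "version")
    if project_version:
        props.setdefault("project.version", project_version)
    return props


def _resolve(value, props):
    # Replace ${name} with its property value; unknown names are left untouched.
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def find_vulnerable_deps(pom_xml):
    """Return (groupId, artifactId, resolvedVersion) for each affected declaration."""
    root = ET.fromstring(pom_xml)
    props = _properties(root)
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        group, artifact, version = (
            _child_text(dep, n) for n in ("groupId", "artifactId", "version")
        )
        if (group, artifact) not in AFFECTED_COORDS or version is None:
            # Managed versions (no <version>) need the parent POM or BOM resolved first.
            continue
        version = _resolve(version, props)
        if is_vulnerable(version):
            findings.append((group, artifact, version))
    return findings


if __name__ == "__main__":
    for group, artifact, version in find_vulnerable_deps(SAMPLE_POM):
        print(f"CVE-2022-29546: {group}:{artifact}:{version} is below 2.61.0")
```

This only inspects direct declarations in one POM. The parser is also pulled in transitively (the `htmlunit` artifact itself depends on it), so on a real build run `mvn dependency:tree` and look for `neko-htmlunit` in the resolved graph rather than trusting the top-level POM alone.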

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-06979
CVE-2022-29546
GHSA-6JMM-MP6W-4RRG

Affected Products

Htmlunit Nekohtml Parser
Jira
Jira Service Management Server
Jira Work Management
Oracle Fusion Middleware
Oracle Weblogic Server