jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to denial-of-service (DoS) attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial-of-service attack. The issue is patched in version 1.14.2. There are a few available workarounds: users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and time out parse runtimes.
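One way to combine the size limit and thread watchdog workarounds around `Jsoup.parse`, as an added example (not code from jsoup or from the advisory). The class name `GuardedParser`, the exception type, the pool size and both limits are assumptions to adapt.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

import java.util.concurrent.*;

public final class GuardedParser {
    // Assumed limits; size them to your own workload and system resources.
    private static final int MAX_INPUT_CHARS = 1_000_000;
    private static final long PARSE_TIMEOUT_MS = 2_000;

    // Fixed pool of daemon threads: bounds concurrent parses (and the number of
    // threads a stuck parse can occupy) and never blocks JVM shutdown.
    private static final ExecutorService POOL = Executors.newFixedThreadPool(4, r -> {
        Thread t = new Thread(r, "guarded-jsoup-parse");
        t.setDaemon(true);
        return t;
    });

    public static Document parse(String untrustedHtml) throws ParseRejectedException {
        // Workaround 1: reject oversized input before it reaches the parser.
        if (untrustedHtml == null || untrustedHtml.length() > MAX_INPUT_CHARS) {
            throw new ParseRejectedException("input missing or over size limit", null);
        }
        Future<Document> job = POOL.submit(() -> Jsoup.parse(untrustedHtml));
        try {
            // Workaround 2: watchdog. The limit also covers time spent queued.
            return job.get(PARSE_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (TimeoutException e) {
            // cancel(true) only delivers an interrupt; a worker that never
            // checks it stays busy, which is why the pool is small and fixed.
            job.cancel(true);
            throw new ParseRejectedException("parse exceeded time limit", e);
        } catch (ExecutionException e) {
            // The "unexpected exception" case: contain it, do not propagate raw.
            throw new ParseRejectedException("parser threw", e.getCause());
        } catch (InterruptedException e) {
            job.cancel(true);
            Thread.currentThread().interrupt();
            throw new ParseRejectedException("caller interrupted", e);
        }
    }

    public static final class ParseRejectedException extends Exception {
        ParseRejectedException(String msg, Throwable cause) { super(msg, cause); }
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse("<p>constructed sample input</p>"); // constructed input
        System.out.println(doc.select("p").text());
    }
}
```

Counting `ParseRejectedException` occurrences per client gives a signal for the rate limiting the advisory also recommends.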
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products (24)
jsoup / jsoup
| oracle | banking_trade_finance | - | - |
| oracle | banking_treasury_management | - | - |
| oracle | business_process_management_suite | - | - |
| oracle | business_process_management_suite | - | - |
| oracle | flexcube_universal_banking | 14.0.0 - 14.3.0 | - |
| oracle | flexcube_universal_banking | - | - |
| oracle | hospitality_token_proxy_service | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | primavera_unifier | - | - |
| oracle | primavera_unifier | - | - |
| oracle | retail_customer_management_and_segmentation_foundation | 17.0 - 19.0 | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_portal | - | - |
| oracle | communications_messaging_server | - | - |
| netapp | management_services_for_element_software_and_netapp_hci | - | - |
| oracle | financial_services_crime_and_compliance_management_studio | - | - |
| oracle | financial_services_crime_and_compliance_management_studio | - | - |
| oracle | middleware_common_libraries_and_tools | - | - |
| oracle | middleware_common_libraries_and_tools | - | - |
| oracle | stream_analytics | 19.1.0.0.6.4 | - |
| oracle | stream_analytics | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H