Closed
Description
Starting at around 10.Apr.2023, the following started to fail on the Java project:
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0':
[ERROR]
[ERROR] neko-htmlunit-2.66.0.jar: CVE-2023-26119(9.8)
This dependency comes from the latest esapi.jar
+- org.owasp.esapi:esapi:jar:2.5.1.0:compile
| +- xom:xom:jar:1.3.8:compile
| +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
| | +- commons-logging:commons-logging:jar:1.2:compile
| | \- commons-collections:commons-collections:jar:3.2.2:compile
| +- commons-configuration:commons-configuration:jar:1.10:compile
| +- commons-lang:commons-lang:jar:2.6:compile
| +- org.apache.commons:commons-collections4:jar:4.4:compile
| +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
| +- org.owasp.antisamy:antisamy:jar:1.7.2:compile
| | +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.66.0:compile
| | +- org.apache.xmlgraphics:batik-css:jar:1.16:compile
| | | +- org.apache.xmlgraphics:batik-shared-resources:jar:1.16:compile
| | | +- org.apache.xmlgraphics:batik-util:jar:1.16:compile
| | | | +- org.apache.xmlgraphics:batik-constants:jar:1.16:compile
| | | | \- org.apache.xmlgraphics:batik-i18n:jar:1.16:compile
| | | \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.7:compile
| | +- xerces:xercesImpl:jar:2.12.2:compile
| | \- xml-apis:xml-apis-ext:jar:1.3.04:compile
| \- xml-apis:xml-apis:jar:1.4.01:compile
The ticket in antisamy: nahsra/antisamy#321
The ticket in neko-htmlunit: HtmlUnit/htmlunit-neko#20
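Added example, not part of the original issue or of any project named in it: a small parser that walks `mvn dependency:tree` output and reports the chain of dependencies that pulls in a flagged artifact, here `neko-htmlunit`. The names `TREE`, `NODE` and `paths_to` are hypothetical, and the sample input is an excerpt constructed from the tree quoted above.

```python
import re

# Constructed sample: an excerpt of the dependency tree quoted in the issue.
TREE = r"""
+- org.owasp.esapi:esapi:jar:2.5.1.0:compile
| +- xom:xom:jar:1.3.8:compile
| +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
| | +- commons-logging:commons-logging:jar:1.2:compile
| | \- commons-collections:commons-collections:jar:3.2.2:compile
| +- org.owasp.antisamy:antisamy:jar:1.7.2:compile
| | +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.66.0:compile
| | +- xerces:xercesImpl:jar:2.12.2:compile
| | \- xml-apis:xml-apis-ext:jar:1.3.04:compile
| \- xml-apis:xml-apis:jar:1.4.01:compile
"""

# A tree node: optional "[INFO] " prefix, a run of "|" and spaces, then "+- " or "\- ".
NODE = re.compile(r"^(?:\[INFO\] )?([| ]*)[+\\]- (\S+)")

def paths_to(tree_text, artifact_id):
    """Return every chain of coordinates from a top-level dependency down to artifact_id."""
    stack = []   # (indent width, coordinate) for the current line and its ancestors
    found = []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # blank lines, the project root line, other Maven output
        indent, coord = len(m.group(1)), m.group(2)
        # Anything at the same or deeper indent is a sibling or a finished subtree.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, coord))
        # Coordinates look like groupId:artifactId:type[:classifier]:version:scope
        parts = coord.split(":")
        if len(parts) > 1 and parts[1] == artifact_id:
            found.append([c for _, c in stack])
    return found

if __name__ == "__main__":
    for chain in paths_to(TREE, "neko-htmlunit"):
        print(" -> ".join(chain))
```

Comparing indent widths rather than assuming a fixed step means the same function handles both the spacing shown in the issue and the wider indentation Maven prints on a terminal.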