Headline
GHSA-jv4x-j47q-6qvp: htmlcleaner vulnerable to stack exhaustion
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
htmlcleaner vulnerable to stack exhaustion
Low severity GitHub Reviewed Published Jun 14, 2023 to the GitHub Advisory Database • Updated Jun 14, 2023
Related news
Ubuntu Security Notice 6683-1 - It was discovered that HtmlCleaner incorrectly handled certain html documents. An attacker could possibly use this issue to cause a denial of service via application crash.
Debian Linux Security Advisory 5471-1 - A security vulnerability has been discovered in libhtmlcleaner-java, a Java HTML parser library. An attacker was able to cause a denial of service (StackOverflowError) if the parser runs on user supplied input with deeply nested HTML elements. This update introduces a new nesting depth limit which can be overridden in cleaner properties.
An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.