[net.sourceforge.htmlunit:neko-htmlunit] OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser

Impact

NekoHtml Parser suffers from a denial of service vulnerability on versions 2.60.0 and below. A specifically crafted input regarding the parsing of processing instructions leads to heap memory consumption. Please update to version 2.61.0.

For more information

If you have any questions or comments about this advisory:

• Open an issue in https://github.com/HtmlUnit/htmlunit-neko
• Email us at [rbri at rbri.de]

References

• https://github.com/HtmlUnit/htmlunit-neko/security/advisories/GHSA-6jmm-mp6w-4rrg
• https://nvd.nist.gov/vuln/detail/CVE-2022-29546
• https://github.com/advisories/GHSA-6jmm-mp6w-4rrg