Home

CVE-2021-37714

Description

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
4.351

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-37714 are fixed in jsoup 1.14.2Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.2Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2Windows
Vulnerabilities CVE-2021-37714 are fixed in jsoup for Linux 1.14.2Linux
jsoup Security Update (ALAS2-2025-2813) jsoup-1.16.1-4.amzn2.0.1.noarch.rpmLinux
jsoup Security Update (ALAS2-2025-2813) jsoup-javadoc-1.16.1-4.amzn2.0.1.noarch.rpmLinux
jsoup Security Update (ALAS2023-2025-884) jsoup-1.16.1-4.amzn2023.0.2.noarch.rpmLinux
jsoup Security Update (ALAS2023-2025-884) jsoup-javadoc-1.16.1-4.amzn2023.0.2.noarch.rpmLinux
CVE-2021-37714NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234