Is CVE-2021-37714 actively exploited?

CVE-2021-37714 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-37714?

CVE-2021-37714 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2021-37714?

Patch guidance is available from jsoup security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-37714.

Fix CVE-2021-37714 - HIGH jsoup jsoup

Q: Which products are affected by CVE-2021-37714?

24 products: jsoup jsoup, quarkus quarkus, oracle banking trade finance, oracle banking treasury management, oracle business process management suite, and 19 more.

Description

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-248 CWE-835 CWE-835

Metadata

Primary Vendor: JSOUP
Published: 8/18/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

jsoup : jsoupquarkus : quarkusoracle : banking_trade_financeoracle : banking_treasury_managementoracle : business_process_management_suiteoracle : business_process_management_suiteoracle : flexcube_universal_bankingoracle : flexcube_universal_bankingoracle : hospitality_token_proxy_serviceoracle : peoplesoft_enterprise_peopletoolsoracle : peoplesoft_enterprise_peopletoolsoracle : primavera_unifieroracle : primavera_unifieroracle : retail_customer_management_and_segmentation_foundationoracle : webcenter_portaloracle : webcenter_portaloracle : communications_messaging_servernetapp : management_services_for_element_software_and_netapp_hcioracle : financial_services_crime_and_compliance_management_studiooracle : financial_services_crime_and_compliance_management_studiooracle : middleware_common_libraries_and_toolsoracle : middleware_common_libraries_and_toolsoracle : stream_analyticsoracle : stream_analytics

Remediation Guidance

Executive Summary

View on NIST NVD