What is CVE-2021-37714?

CVE-2021-37714 is a high-severity vulnerability in Jhy Jsoup, classified under CWE-248. CVSS score: 7.5/10. Published 2021-08-18.

How severe is CVE-2021-37714?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2021-37714 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Jhy Jsoup

CVE-2021-37714

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that cau…

EPSS: 0.069 (93.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Jhy Jsoup — versions < 1.14.2
Jsoup
Netapp Management_services_for_element_software_and_netapp_hci
Oracle Banking_trade_finance — versions 14.5
Oracle Banking_treasury_management — versions 14.5
Oracle Business_process_management_suite — versions 12.2.1.3.0, 12.2.1.4.0
Oracle Communications_messaging_server — versions 8.1
Oracle Financial_services_crime_and_compliance_management_studio — versions 8.0.8.2.0, 8.0.8.3.0
Oracle Flexcube_universal_banking — versions 14.5
Oracle Hospitality_token_proxy_service — versions 19.2

Weakness classification (CWE)

Public proof-of-concept exploits

References

security-advisories@github.com (x_refsource_CONFIRM, Third Party Advisory)
security-advisories@github.com (x_refsource_MISC, Release Notes, Vendor Advisory)
security-advisories@github.com (x_refsource_MISC, Release Notes, Vendor Advisory)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)
security-advisories@github.com (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2021-37714?: CVE-2021-37714 is a high-severity vulnerability in Jhy Jsoup, classified under CWE-248. CVSS score: 7.5/10. Published 2021-08-18.
How severe is CVE-2021-37714?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2021-37714 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.