OESA-2024-1255

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1255
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1255.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1255
Upstream
Published
2024-03-08T11:07:09Z
Modified
2025-08-12T05:14:27.193523Z
Summary
jsoup security update
Details

jsoup is a Java library for working with real-world HTML. It provides a very convenient API for extracting and manipulating data, using the best of DOM, CSS, and jQuery-like methods.

Security Fix(es):

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading:

- disable SafeList.preserveRelativeLinks, which will rewrite input URLs as absolute URLs
- ensure an appropriate Content Security Policy is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)

(CVE-2022-36033)
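The two interim remediations the advisory lists, as an added Java example that is neither jsoup's own code nor part of the advisory: the weak, non-default safelist with preserveRelativeLinks enabled beside the hardened default, plus a routine for re-cleaning persisted content. jsoup spells the class Safelist (renamed from Whitelist in 1.14.1); the base URI, the CSP value and the class name CommentSanitizer are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

public final class CommentSanitizer {
    // Assumed absolute base URI of the publishing site. With preserveRelativeLinks
    // disabled, jsoup resolves every href against it before checking the scheme.
    private static final String BASE_URI = "https://example.invalid/";

    // Weak, non-default configuration named in the advisory: relative hrefs are kept
    // verbatim instead of being resolved, which is the setting under which a
    // control-character-obfuscated javascript: URL could survive cleaning before 1.15.3.
    static final Safelist WEAK = Safelist.basic().preserveRelativeLinks(true);

    // Remediated configuration (jsoup's default): each href is rewritten as an absolute
    // URL and dropped unless its scheme is one basic() allows on <a>: ftp, http, https, mailto.
    static final Safelist HARDENED = Safelist.basic().preserveRelativeLinks(false);

    // Assumed policy for the second remediation; the application must send it as the
    // Content-Security-Policy response header on every page that renders cleaned HTML.
    static final String CSP = "default-src 'self'; script-src 'self'; object-src 'none'";

    private CommentSanitizer() {}

    /** Clean untrusted HTML with the hardened safelist before it is persisted or rendered. */
    public static String clean(String untrusted) {
        return Jsoup.clean(untrusted, BASE_URI, HARDENED);
    }

    /**
     * Re-clean content stored under the weak configuration or a pre-1.15.3 jsoup, as the
     * advisory recommends, because the persisted HTML may never have been sanitized.
     */
    public static List<String> recleanAll(List<String> stored) {
        List<String> out = new ArrayList<>(stored.size());
        for (String html : stored) {
            out.add(clean(html));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a benign relative link, to show what each safelist does with it.
        String comment = "<p>Read the <a href=\"/docs\">docs</a>.</p>";
        System.out.println(Jsoup.clean(comment, BASE_URI, WEAK));
        System.out.println(clean(comment));
    }
}
```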

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe1

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe1.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe2003sp4

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe2003sp4.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe2003sp4.noarch.rpm"
    ]
}

openEuler:22.03-LTS / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe2203.src.rpm",
        "jsoup-1.14.2-2.oe2203sp1.src.rpm",
        "jsoup-1.14.2-2.oe2203sp2.src.rpm",
        "jsoup-1.14.2-2.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe2203.noarch.rpm",
        "jsoup-1.14.2-2.oe2203sp1.noarch.rpm",
        "jsoup-1.14.2-2.oe2203sp2.noarch.rpm",
        "jsoup-1.14.2-2.oe2203sp3.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe2203sp1

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe2203sp1.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe2203sp2

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe2203sp2.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe2203sp2.noarch.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / jsoup

Package

Name
jsoup
Purl
pkg:rpm/openEuler/jsoup&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)
Fixed
1.14.2-2.oe2203sp3

Ecosystem specific

{
    "src": [
        "jsoup-1.14.2-2.oe2203sp3.src.rpm"
    ],
    "noarch": [
        "jsoup-1.14.2-2.oe2203sp3.noarch.rpm"
    ]
}