CVEs-PoC/2020/CVE-2020-5529.md

### [CVE-2020-5529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5529)
![](https://img.shields.io/static/v1?label=Product&message=HtmlUnit&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brighgreen)

### Description

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HtmlUnit/htmlunit
- https://github.com/jenkinsci/bitbucket-plugin