CVE & CISA-KEV Catalog

CVE-2021-37714

HIGHEPSS 93th pctl
7.5
CVSS v3
NVD

Description

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

How to fix

Remediation Available
jsoupDebian
Fixed in:1.14.2-1CVE-2021-37714
Fixed in:1.14.2-1CVE-2021-37714
Fixed in:1.14.2-1CVE-2021-37714
eap7-activemq-artemisRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemisRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-cliRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-cliRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-commonsRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-commonsRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-core-clientRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-core-clientRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-dtoRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-dtoRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-hornetq-protocolRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-hornetq-protocolRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-hqclient-protocolRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-hqclient-protocolRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jdbc-storeRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jdbc-storeRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jms-clientRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jms-clientRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jms-serverRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-jms-serverRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-journalRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-journalRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-nativeRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-nativeRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-raRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-raRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-selectorRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-selectorRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-serverRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-serverRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-service-extensionsRed Hat / RHEL
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-activemq-artemis-service-extensionsRocky
Fixed in:0:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-nativeRocky
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-nativeRed Hat / RHEL
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-native-debuginfoRed Hat / RHEL
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-native-debuginfoRocky
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-native-wildflyRocky
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-artemis-native-wildflyRed Hat / RHEL
Fixed in:1:1.5.5.016-1.redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-jboss-xnio-baseRed Hat / RHEL
Fixed in:0:3.5.11-1.Final_redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:3.5.11-1.Final_redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-jboss-xnio-baseRocky
Fixed in:0:3.5.11-1.Final_redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:3.5.11-1.Final_redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-jsoupRocky
Fixed in:0:1.14.2-1.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.14.2-1.redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-jsoupRed Hat / RHEL
Fixed in:0:1.14.2-1.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.14.2-1.redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-undertowRed Hat / RHEL
Fixed in:0:1.4.18-14.SP13_redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.4.18-14.SP13_redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-undertowRocky
Fixed in:0:1.4.18-14.SP13_redhat_00001.1.ep7.el7RHSA-2025:4226
Fixed in:0:1.4.18-14.SP13_redhat_00001.1.ep7.el7RHSA-2025:4226
eap7-wildflyRocky
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-wildflyRed Hat / RHEL
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-wildfly-modulesRed Hat / RHEL
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-wildfly-modulesRocky
Fixed in:0:7.1.10-2.GA_redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-woodstox-coreRocky
Fixed in:0:5.0.3-2.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:5.0.3-2.redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-woodstox-coreRed Hat / RHEL
Fixed in:0:5.0.3-2.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:5.0.3-2.redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-xml-securityRed Hat / RHEL
Fixed in:0:2.0.10-2.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:2.0.10-2.redhat_00002.1.ep7.el7RHSA-2025:4226
eap7-xml-securityRocky
Fixed in:0:2.0.10-2.redhat_00002.1.ep7.el7RHSA-2025:4226
Fixed in:0:2.0.10-2.redhat_00002.1.ep7.el7RHSA-2025:4226

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

6.87%probability of exploitation in 30 days
93rdpercentile

High risk: more likely to be exploited than 93% of all known CVEs.

References

Embed a live status badge for CVE-2021-37714
CVE-2021-37714 severity badge

Markdown

[![CVE-2021-37714](https://tridentstack.com/cve/badge/CVE-2021-37714.svg)](https://tridentstack.com/cve/CVE-2021-37714)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-37714"><img src="https://tridentstack.com/cve/badge/CVE-2021-37714.svg" alt="CVE-2021-37714"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.