CVE-2018-1000632
Published: Aug 20, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update
mailing-list
x_refsource_MLIST
RHSA-2019:0364
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0362
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0365
vendor-advisory
x_refsource_REDHAT
RHSA-2019:0380
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1160
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1162
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1159
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1161
vendor-advisory
x_refsource_REDHAT
[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
mailing-list
x_refsource_MLIST
[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
mailing-list
x_refsource_MLIST
[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
mailing-list
x_refsource_MLIST
[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
mailing-list
x_refsource_MLIST
RHSA-2019:3172
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
x_refsource_CONFIRM
https://github.com/dom4j/dom4j/issues/48
x_refsource_CONFIRM
https://ihacktoprotect.com/post/dom4j-xml-injection/
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190530-0001/
x_refsource_CONFIRM
FEDORA-2021-f28c870528
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-8015a8cdc4
vendor-advisory
x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC