Lucene search

MitreCVELIST:CVE-2018-1000632

HistoryAug 20, 2018 - 7:00 p.m.

CVE-2018-1000632

2018-08-2019:00:00

mitre

www.cve.org

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.9%

JSON

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

References

access.redhat.com/errata/RHSA-2019:0362

access.redhat.com/errata/RHSA-2019:0364

access.redhat.com/errata/RHSA-2019:0365

access.redhat.com/errata/RHSA-2019:0380

access.redhat.com/errata/RHSA-2019:1159

access.redhat.com/errata/RHSA-2019:1160

access.redhat.com/errata/RHSA-2019:1161

access.redhat.com/errata/RHSA-2019:1162

access.redhat.com/errata/RHSA-2019:3172

github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

github.com/dom4j/dom4j/issues/48

ihacktoprotect.com/post/dom4j-xml-injection/

lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E

lists.debian.org/debian-lts-announce/2018/09/msg00028.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/

security.netapp.com/advisory/ntap-20190530-0001/

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html