Lucene search

GoogleOSV:GHSA-6PCC-3RFX-4GPM

HistoryOct 16, 2018 - 5:01 p.m.

Dom4j contains a XML Injection vulnerability

2018-10-1617:01:25

Google

osv.dev

0.003 Low

EPSS

Percentile

70.9%

JSON

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Note: This advisory applies to dom4j:dom4j version 1.x legacy artifacts. To resolve this a change to the latest version of org.dom4j:dom4j is recommended.

CPENameOperatorVersion
dom4j:dom4jeq1.4-dev-2
dom4j:dom4jeq1.5
dom4j:dom4jeq1.4-dev-5
dom4j:dom4jeq1.4-dev-7
dom4j:dom4jeq1.5.2
dom4j:dom4jeq1.4-dev-4
dom4j:dom4jeq1.3
dom4j:dom4jeq1.4-dev-6
org.dom4j:dom4jeq2.0.0
dom4j:dom4jeq1.5-rc1

Name	Operator	Version
dom4j:dom4j	eq	1.4-dev-2
dom4j:dom4j	eq	1.5
dom4j:dom4j	eq	1.4-dev-5
dom4j:dom4j	eq	1.4-dev-7
dom4j:dom4j	eq	1.5.2
dom4j:dom4j	eq	1.4-dev-4
dom4j:dom4j	eq	1.3
dom4j:dom4j	eq	1.4-dev-6
org.dom4j:dom4j	eq	2.0.0
dom4j:dom4j	eq	1.5-rc1

Rows per page:

1-10 of 221

References

access.redhat.com/errata/RHSA-2019:0362

access.redhat.com/errata/RHSA-2019:0364

access.redhat.com/errata/RHSA-2019:0365

access.redhat.com/errata/RHSA-2019:0380

access.redhat.com/errata/RHSA-2019:1159

access.redhat.com/errata/RHSA-2019:1160

access.redhat.com/errata/RHSA-2019:1161

access.redhat.com/errata/RHSA-2019:1162

access.redhat.com/errata/RHSA-2019:3172

github.com/advisories/GHSA-6pcc-3rfx-4gpm

github.com/dom4j/dom4j

github.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f

github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

github.com/dom4j/dom4j/issues/48

ihacktoprotect.com/post/dom4j-xml-injection

lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E

lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E

lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E

lists.debian.org/debian-lts-announce/2018/09/msg00028.html

lists.fedoraproject.org/archives/list/[email protected]/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP

lists.fedoraproject.org/archives/list/[email protected]/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA

nvd.nist.gov/vuln/detail/CVE-2018-1000632

security.netapp.com/advisory/ntap-20190530-0001

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for OSV:GHSA-6PCC-3RFX-4GPM