dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
References
Link Providers
https://access.redhat.com/errata/RHSA-2019:0362 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0364 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0365 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:0380 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1159 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1160 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1161 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:1162 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3172 cve-icon cve-icon
https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 cve-icon cve-icon
https://github.com/dom4j/dom4j/issues/48 cve-icon cve-icon
https://ihacktoprotect.com/post/dom4j-xml-injection/ cve-icon cve-icon
https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2018-1000632 cve-icon
https://security.netapp.com/advisory/ntap-20190530-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2018-1000632 cve-icon
https://www.oracle.com/security-alerts/cpuApr2021.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuapr2020.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2020.html cve-icon cve-icon
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html cve-icon cve-icon
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-20T19:00:00

Updated: 2024-08-05T12:40:47.850Z

Reserved: 2018-07-30T00:00:00

Link: CVE-2018-1000632

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-20T19:31:31.230

Modified: 2024-11-21T03:40:16.793

Link: CVE-2018-1000632

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-07-01T00:00:00Z

Links: CVE-2018-1000632 - Bugzilla