beniisan / JavaVulnLab_Cx

GNU General Public License v2.0

CX: CVE-2018-1000632 in Maven-dom4j:dom4j and 1.6.1 @ JavaVulnLab_Cx.${basename #11

Open github-actions[bot] opened 3 years ago

github-actions[bot] commented 3 years ago

Description

dom4j prior to 2.0.3 and 2.1.x prior to 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. To resolve this issue - upgrade to version 2.0.3 or 2.1.1. Please note: the package name was changed to org.dom4j:dom4j on version 2.0.0.

HIGH Vulnerable Package issue exists @ dom4j:dom4j in branch ${basename

Vulnerability ID: CVE-2018-1000632

Package Name: dom4j:dom4j

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2018-08-20T19:31:00

Current Package Version: 1.6.1

Remediation Upgrade Recommendation:

Link To SCA

Reference – NVD link

github-actions[bot] commented 3 years ago

Issue still exists.