HIGH Vulnerable Package issue exists @ dom4j:dom4j in branch refs/heads/master
Description
dom4j versions prior to 2.0.3, and 2.1.x versions prior to 2.1.1, contain a CWE-91 (XML Injection) vulnerability in the Element class, in the methods addElement and addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. To resolve this issue, upgrade to version 2.0.3 or 2.1.1. Please note: the package name was changed to org.dom4j:dom4j in version 2.0.0.
Vulnerability ID: CVE-2018-1000632
Package Name: dom4j:dom4j
Severity: HIGH
CVSS Score: 7.5
Publish Date: 2018-08-20T19:31:00
Current Package Version: 1.6.1
Remediation Upgrade Recommendation: