CVE-2018-1000632
ADVISORY - github
Summary
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Note: This advisory applies to dom4j:dom4j version 1.x legacy artifacts. To resolve this, a change to the latest version of org.dom4j:dom4j is recommended.
EPSS Score: 0.01179 (0.778)
Common Weakness Enumeration (CWE)
ADVISORY - nist
XML Injection (aka Blind XPath Injection)
ADVISORY - github
XML Injection (aka Blind XPath Injection)
ADVISORY - gitlab
ADVISORY - redhat
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
NIST
CREATED:
UPDATED:
ADVISORY ID: CVE-2018-1000632
EXPLOITABILITY SCORE: 3.9
EXPLOITS FOUND:
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 7.5 high

GitHub
CREATED:
UPDATED:
ADVISORY ID: GHSA-6pcc-3rfx-4gpm
EXPLOITABILITY SCORE: 3.9
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 7.5 high

Debian
CREATED:
UPDATED:
ADVISORY ID: CVE-2018-1000632
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: N/A low

Ubuntu
CREATED:
UPDATED:
ADVISORY ID: CVE-2018-1000632
EXPLOITABILITY SCORE: 3.9
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: 7.5 low

Red Hat
CREATED:
UPDATED:
ADVISORY ID: CVE-2018-1000632
EXPLOITABILITY SCORE: 3.9
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 5.3 medium

intheWild
CREATED:
UPDATED:
ADVISORY ID: CVE-2018-1000632
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -