Sign In

CVE-2018-1000632

ADVISORY - github

Summary

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Note: This advisory applies to dom4j:dom4j version 1.x legacy artifacts. To resolve this a change to the latest version of org.dom4j:dom4j is recommended.

EPSS Score: 0.01179 (0.778)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-91

XML Injection (aka Blind XPath Injection)

ADVISORY - github

CWE-91

XML Injection (aka Blind XPath Injection)

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-91

XML Injection (aka Blind XPath Injection)

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in