[MAVEN:GHSA-6PCC-3RFX-4GPM] Dom4j contains a XML Injection vulnerability
Severity
High
Affected Packages
3
Fixed Packages
2
CVEs
1
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Note: This advisory applies to dom4j:dom4j
version 1.x legacy artifacts. To resolve this a change to the latest version of org.dom4j:dom4j
is recommended.
Package | Affected Version |
---|---|
pkg:maven/org.dom4j/dom4j | = 2.1.0 |
pkg:maven/org.dom4j/dom4j | < 2.0.3 |
pkg:maven/dom4j/dom4j | <= 1.6.1 |
Package | Fixed Version |
---|---|
pkg:maven/org.dom4j/dom4j | = 2.1.1 |
pkg:maven/org.dom4j/dom4j | = 2.0.3 |
- ID
- MAVEN:GHSA-6PCC-3RFX-4GPM
- Severity
- high
- URL
- https://github.com/advisories/GHSA-6pcc-3rfx-4gpm
- Published
-
2018-10-16T17:01:25
(6 years ago) - Modified
-
2023-02-01T05:03:22
(19 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.dom4j/dom4j | org.dom4j | dom4j | = 2.1.0 | |||
Fixed | pkg:maven/org.dom4j/dom4j | org.dom4j | dom4j | = 2.1.1 | |||
Affected | pkg:maven/org.dom4j/dom4j | org.dom4j | dom4j | < 2.0.3 | |||
Fixed | pkg:maven/org.dom4j/dom4j | org.dom4j | dom4j | = 2.0.3 | |||
Affected | pkg:maven/dom4j/dom4j | dom4j | dom4j | <= 1.6.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |