Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1000632

Опубликовано: 20 авг. 2018
Источник: debian
EPSS Низкий

Описание

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
dom4jfixed2.1.1-1package
dom4jfixed1.6.1+dfsg.3-2+deb9u1stretchpackage

Примечания

  • https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

  • https://github.com/dom4j/dom4j/issues/48

EPSS

Процентиль: 81%
0.01611
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-1000632

CVSS3: 7.5
ubuntu
больше 7 лет назад

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

redhat логотип

CVE-2018-1000632

CVSS3: 5.3
redhat
больше 7 лет назад

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

nvd логотип

CVE-2018-1000632

CVSS3: 7.5
nvd
больше 7 лет назад

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

suse-cvrf логотип

openSUSE-SU-2018:3998-1

suse-cvrf
около 7 лет назад

Security update for dom4j

suse-cvrf логотип

openSUSE-SU-2018:2931-1

suse-cvrf
больше 7 лет назад

Security update for dom4j

EPSS

Процентиль: 81%
0.01611
Низкий