Lucene search

K
osvGoogleOSV:USN-4619-1
HistoryNov 05, 2020 - 4:09 p.m.

dom4j vulnerability

2020-11-0516:09:57
Google
osv.dev
11
dom4j
xml validation
vulnerability
denial of service
arbitrary code execution

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

70.9%

Mário Areias discovered that dom4j did not properly validate XML document
elements. An attacker could exploit this with a crafted XML file to cause
dom4j to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000632)