19 matches found
EUVD-2020-0492
Malware in sbrugna...
ROS-20250822-02
A vulnerability in the dom4j open source Java library for XML, XPath and XSLT is related to the improper cleansing of elements and attribute names in XML documents. Exploitation of the vulnerability could allow an attacker acting remotely to launch an XXE attack on the target system...
Linux Distros Unpatched Vulnerability : CVE-2018-1000632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an...
dom4j Security Vulnerabilities
dom4j is an open source framework for processing XML. A security vulnerability exists in dom4j v.2.1.4 and earlier versions that could allow a remote attacker to obtain sensitive information via the setFeature function...
Security Bulletin: Vulnerability found in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center (CVE-2018-1000632)
Summary: A vulnerability has been identified in dom4j-1.6.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center has been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Dom4j Vulnerability affects IBM SPSS Statistics (CVE-2018-1000632)
Summary: There is a vulnerability in the version of Dom4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2018-1000632. DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by...
dom4j: XML External Entity vulnerability in default SAX parser
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
Ubuntu 16.04 LTS : dom4j vulnerability (USN-4619-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4619-1 advisory. Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash,...
acegisecurity:acegi-security-domain (=0.9.0), ai.databand.azkaban:azkaban-web-server (=3.18.0) +16289 more potentially affected by CVE-2020-10683 via dom4j:dom4j (>=1.1 <=1.6.1)
dom4j:dom4j MAVEN version =1.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =0.6.1, =1.0.0, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2020-10683 Source advisory: OSV:GHSA-HWJ3-M3P6-HJ38...
app.myoss.wechat:wechat-starter-core (=1.1.0.RELEASE), app.myoss.wechat:wechat-starter-mini-app (=1.1.0.RELEASE) +87 more potentially affected by CVE-2020-10683 via org.dom4j:dom4j (>=2.0.0-RC1 <=2.0.2)
org.dom4j:dom4j MAVEN version =2.0.0-RC1, =3.0.0, =0.0.5, =0.0.5, =0.0.5, =1.0.RELEASE, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.8 and more Source cves: CVE-2020-10683 Source advisory: OSV:GHSA-HWJ3-M3P6-HJ38...
GHSA-HWJ3-M3P6-HJ38 dom4j allows External Entities by default which might enable XXE attacks
dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. Note: This advisory applies to dom4j:dom4j...
UBUNTU-CVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
cn.fossc.polaris.framework:polaris-framework-builder (>=3.0.1 <=3.0.33), cn.fossc.polaris.toolkit:polaris-builder-assembly (>=3.2.0 <=3.8.12) +164 more potentially affected by CVE-2018-1000632 via org.dom4j:dom4j (=2.1.0)
org.dom4j:dom4j MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.dom4j:dom4j and may be impacted: - cn.fossc.polaris.framework:polaris-framework-builder =3.0.1, =3.2.0, =3.2.0, =0.1, =2.0.1, =3.0.1, =3.0.1, =1.1.9, =1.1.9, =1.1....
app.myoss.wechat:wechat-starter-core (=1.1.0.RELEASE), app.myoss.wechat:wechat-starter-mini-app (=1.1.0.RELEASE) +87 more potentially affected by CVE-2018-1000632 via org.dom4j:dom4j (>=2.0.0-RC1 <=2.0.2)
org.dom4j:dom4j MAVEN version =2.0.0-RC1, =3.0.0, =0.0.5, =0.0.5, =0.0.5, =1.0.RELEASE, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.4, =2.2.8 and more Source cves: CVE-2018-1000632 Source advisory: OSV:GHSA-6PCC-3RFX-4GPM...
PT-2018-9485 · Dom4J +2
Name of the Vulnerable Software and Affected Versions: dom4j versions prior to 2.1.1. Description: The issue is related to an XML Injection vulnerability in the Class: Element, specifically in the addElement and addAttribute methods. This can result in an attacker tampering with XML documents...