VDB
CVE-2018-1000632
CVE-2018-1000632
PUBLISHED
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
EPSS 1.61% · 82.1th percentile
Risk Scores
EPSS Score
1.61%
82.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dom4j | 1.6.1+dfsg.3-2ubuntu1.1, 1.6.1+dfsg.3-2ubuntu1, 0 |
| Ubuntu:18.04:LTS | dom4j | 2.1.0-2, 0, 1.6.1+dfsg.3-2ubuntu1 |
| Ubuntu:14.04:LTS | dom4j | *, 0 |
Exploit Intelligence
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1000632 third-party-advisory
- https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 third-party-advisory
- https://github.com/dom4j/dom4j/issues/48 third-party-advisory
- https://ihacktoprotect.com/post/dom4j-xml-injection/ third-party-advisory
- https://ubuntu.com/security/notices/USN-4619-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1000632 third-party-advisory