CVE-2018-1000632 @ Maven-dom4j:dom4j-1.6.1 #4
Comments
This was referenced Sep 18, 2023
This was referenced Sep 18, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2018-1000632
Checkmarx Project: AaronZhouYu/TotallySecureApp
Repository URL: https://github.com/AaronZhouYu/TotallySecureApp
Branch: main
Scan ID: d9fa6dd5-d23b-4436-b75a-41a016305f39
dom4j prior to 2.0.3 and 2.1.x prior to 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document.
To resolve this issue - upgrade to version 2.0.3 or 2.1.1. Please note: the package name was changed to org.dom4j:dom4j on version 2.0.0.
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: NONE
The text was updated successfully, but these errors were encountered: