Search CVE reports


Toggle filters

1 – 2 of 2 results


CVE-2020-10683

Medium priority

Some fixes available 1 of 6

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the...

1 affected packages

dom4j

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dom4j Not affected Not affected Vulnerable Vulnerable Fixed
Show less packages

CVE-2018-1000632

Low priority

Some fixes available 14 of 16

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This...

1 affected packages

dom4j

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dom4j Fixed Fixed Fixed Vulnerable Fixed
Show less packages