Search CVE reports
1 – 2 of 2 results
CVE-2020-10683
Medium prioritySome fixes available 1 of 6
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the...
1 affected packages
dom4j
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dom4j | Not affected | Not affected | Vulnerable | Vulnerable | Fixed |
CVE-2018-1000632
Low prioritySome fixes available 14 of 16
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This...
1 affected packages
dom4j
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dom4j | Fixed | Fixed | Fixed | Vulnerable | Fixed |