USN-4619-1: dom4j vulnerability
5 November 2020
dom4j could be made to crash or run programs if it received a specially crafted file.
- dom4j - Flexible XML framework for Java
Mário Areias discovered that dom4j did not properly validate XML document
elements. An attacker could exploit this with a crafted XML file to cause
dom4j to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2018-1000632)