CVE-2018-1000632

Source
https://cve.org/CVERecord?id=CVE-2018-1000632
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000632.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000632
Published
2018-08-20T19:31:31.230Z
Modified
2026-03-10T14:31:23.561128Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
[none]
Details

dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Affected packages

Git / github.com/dom4j/dom4j

Affected ranges

Type
GIT
Repo
https://github.com/dom4j/dom4j
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.3"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        }
    ]
}

Affected versions

v2.*
v2.0.0
version-2.*
version-2.0.0
version-2.0.1
version-2.0.2
version-2.1.0
version-2.1.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000632.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "199325550788090166794109819653578629307",
            "length": 327.0
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Function",
        "id": "CVE-2018-1000632-35488c68",
        "target": {
            "file": "src/main/java/org/dom4j/tree/QNameCache.java",
            "function": "get"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "314198188812661398941202424502439283026",
                "82741579659803731321705998136504987739",
                "151797185316034688866896672041363997013",
                "199636037147929886189862213997516158628"
            ]
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Line",
        "id": "CVE-2018-1000632-3bd6d515",
        "target": {
            "file": "src/main/java/org/dom4j/Namespace.java"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "147422418505375895194094920885579697205",
                "168608690976820459163785128903439418592",
                "285563659170242935906162937712434995479",
                "267323759805984201773350446167363660338"
            ]
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Line",
        "id": "CVE-2018-1000632-4648bb49",
        "target": {
            "file": "src/main/java/org/dom4j/tree/QNameCache.java"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "275065499305021125980377239777979989974",
            "length": 193.0
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Function",
        "id": "CVE-2018-1000632-4d9be67a",
        "target": {
            "file": "src/main/java/org/dom4j/QName.java",
            "function": "QName"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "222350788314292880775679495024051012376",
            "length": 1013.0
        },
        "source": "https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f",
        "signature_type": "Function",
        "id": "CVE-2018-1000632-8fda56a5",
        "target": {
            "file": "src/main/java/org/dom4j/io/XMLWriter.java",
            "function": "escapeElementEntities"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "50164286232166251017957768309715539050",
            "length": 156.0
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Function",
        "id": "CVE-2018-1000632-91a793ae",
        "target": {
            "file": "src/main/java/org/dom4j/QName.java",
            "function": "QName"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "236725648184904110617248220882872560481",
                "223933174473266758575948796598846298948",
                "123995894774033409981594757100304515585",
                "277477800638228186424227467503674312602"
            ]
        },
        "source": "https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f",
        "signature_type": "Line",
        "id": "CVE-2018-1000632-b4384177",
        "target": {
            "file": "src/main/java/org/dom4j/io/XMLWriter.java"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "159068995644970077640297364713887969558",
                "80789274561771364052924301408417159154",
                "151816500673044903496109026899881602596",
                "59332901774669520718939558736875745473",
                "280096135076175038850825573070871643726",
                "214913607474329058805161896514755869583",
                "42351094760623045212581057695845210285",
                "168930601465629580222610550953789028778",
                "91625039504964879982004240932877008270",
                "235041418355810679284335301429235532350",
                "30821750415135255648048159171374174012",
                "85346269660141706510647755255497829709",
                "113698993995322993817647003012983568741",
                "255488862362652146981607753092155544836",
                "290124909029656121859884563217930534750",
                "261387688273661779705760898402365817095",
                "109320987176496713575563761446899179581",
                "257960915943106047139086468834030106362"
            ]
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Line",
        "id": "CVE-2018-1000632-b4519614",
        "target": {
            "file": "src/main/java/org/dom4j/QName.java"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "206188708269763143262114288589286603567",
            "length": 138.0
        },
        "source": "https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387",
        "signature_type": "Function",
        "id": "CVE-2018-1000632-c731c98f",
        "target": {
            "file": "src/main/java/org/dom4j/Namespace.java",
            "function": "Namespace"
        }
    }
]
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "14.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.1.0.0"
            },
            {
                "last_affected": "16.2.20.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.1.0.0"
            },
            {
                "last_affected": "17.12.17.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.1.0.0"
            },
            {
                "last_affected": "18.8.19.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "19.12.0.0"
            },
            {
                "last_affected": "19.12.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.3.0.2.0"
            },
            {
                "last_affected": "4.3.0.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.2.0.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.2.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4.0.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.4.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.4.0"
            }
        ]
    }
]