{"id":"CVE-2018-1000632","details":"dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.","aliases":["GHSA-6pcc-3rfx-4gpm"],"modified":"2026-04-16T06:17:20.016452692Z","published":"2018-08-20T19:31:31.230Z","related":["SUSE-SU-2018:2861-1","SUSE-SU-2018:2863-1","SUSE-SU-2018:3424-1","openSUSE-SU-2018:4045-1","openSUSE-SU-2024:10724-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https:
//lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/"},{"type":"WEB","url":"https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1160"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3172"},{"type":"ADVISORY","url":"https://github.com/dom4j/dom4j/issues/48"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0380"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0362"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1162"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190530-0001/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0365"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1161"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0364"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1159"},{"type":"FIX","url":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"EVIDENCE","url":"https://ihacktoprotect.com/post/dom4j-xml-injection/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dom4j/dom4j","events":[{"introduced":"a4d39926ff08656e4cf86c37f3246029c4e9122b"},{"fixed":"177069f0e96a40ddab5ab7f41519ec29e5a
39652"},{"introduced":"9b141527f6715dc2f3462cb6531ed6529a5d3008"},{"fixed":"b408f43b5abc0b0f408819e620bd69e72248352f"},{"introduced":"0"},{"last_affected":"ff2f78cddc4776891ba3f90057aa90b7893e5700"},{"fixed":"e598eb43d418744c4dbf62f647dd2381c9ce9387"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"fixed":"2.0.3"},{"introduced":"2.1.0"},{"fixed":"2.1.1"},{"introduced":"0"},{"last_affected":"2.2.0"}]}}],"versions":["v2.0.0","version-2.0.0","version-2.0.1","version-2.0.2","version-2.0.3","version-2.1.0","version-2.1.2","version-2.1.3","version-2.1.4","version/2.1.5","version/2.2.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T03:11:52Z","vanir_signatures":[{"target":{"file":"src/main/java/org/dom4j/tree/QNameCache.java","function":"get"},"deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-35488c68","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","signature_type":"Function","digest":{"length":327,"function_hash":"199325550788090166794109819653578629307"}},{"target":{"file":"src/main/java/org/dom4j/Namespace.java"},"deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-3bd6d515","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","signature_type":"Line","digest":{"line_hashes":["314198188812661398941202424502439283026","82741579659803731321705998136504987739","151797185316034688866896672041363997013","199636037147929886189862213997516158628"],"threshold":0.9}},{"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-4648bb49","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","digest":{"line_hashes":["147422418505375895194094920885579697205","168608690976820459163785128903439418592","285563659170242935906162937712434995479","267323759805984201773350446167363660338"],"threshold":0.9},"target":{"file":"src/main/java/org/dom4j/tree/QNameCache.java"}},{"target":{"file"
:"src/main/java/org/dom4j/QName.java","function":"QName"},"deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-4d9be67a","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","signature_type":"Function","digest":{"length":193,"function_hash":"275065499305021125980377239777979989974"}},{"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-8fda56a5","source":"https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f","digest":{"length":1013,"function_hash":"222350788314292880775679495024051012376"},"target":{"file":"src/main/java/org/dom4j/io/XMLWriter.java","function":"escapeElementEntities"}},{"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-91a793ae","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","digest":{"length":156,"function_hash":"50164286232166251017957768309715539050"},"target":{"file":"src/main/java/org/dom4j/QName.java","function":"QName"}},{"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"CVE-2018-1000632-b4384177","source":"https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f","digest":{"line_hashes":["236725648184904110617248220882872560481","223933174473266758575948796598846298948","123995894774033409981594757100304515585","277477800638228186424227467503674312602"],"threshold":0.9},"target":{"file":"src/main/java/org/dom4j/io/XMLWriter.java"}},{"digest":{"line_hashes":["159068995644970077640297364713887969558","80789274561771364052924301408417159154","151816500673044903496109026899881602596","59332901774669520718939558736875745473","280096135076175038850825573070871643726","214913607474329058805161896514755869583","42351094760623045212581057695845210285","168930601465629580222610550953789028778","91625039504964879982004240932877008270","235041418355810679284335301429235532350","30821750415135255648048159
171374174012","85346269660141706510647755255497829709","113698993995322993817647003012983568741","255488862362652146981607753092155544836","290124909029656121859884563217930534750","261387688273661779705760898402365817095","109320987176496713575563761446899179581","257960915943106047139086468834030106362"],"threshold":0.9},"deprecated":false,"signature_version":"v1","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","id":"CVE-2018-1000632-b4519614","target":{"file":"src/main/java/org/dom4j/QName.java"},"signature_type":"Line"},{"digest":{"length":138,"function_hash":"206188708269763143262114288589286603567"},"deprecated":false,"signature_version":"v1","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387","id":"CVE-2018-1000632-c731c98f","target":{"file":"src/main/java/org/dom4j/Namespace.java","function":"Namespace"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000632.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.0.0"}]},{"events":[{"introduced":"16.1.0.0"},{"last_affected":"16.2.20.1"}]},{"events":[{"introduced":"17.1.0.0"},{"last_affected":"17.12.17.1"}]},{"events":[{"introduced":"18.1.0.0"},{"last_affected":"18.8.19.0"}]},{"events":[{"introduced":"19.12.0.0"},{"last_affected":"19.12.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0"}]},{"events":[{"introduced":"4.3.0.2.0"},{"last_affected":"4.3.0.6.0"}]},{"events":[{"introduced"
:"0"},{"last_affected":"4.2.0.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.2.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.4.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.4.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}