Advisories » MGASA-2019-0077

Updated dom4j packages fix security vulnerability

Publication date: 14 Feb 2019
Modification date: 14 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000632

Description

dom4j version prior to version 2.1.1 contains an XML Injection vulnerability
in Class: Element. Methods: addElement, addAttribute that can result in an
attacker tampering with XML documents through XML injection. This attack
appears to be exploitable via an attacker specifying attributes or elements
in the XML document (CVE-2018-1000632).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23677
• https://lists.opensuse.org/opensuse-updates/2018-09/msg00174.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632

SRPMS

6/core

• dom4j-1.6.1-28.1.mga6