{"id":"CVE-2018-1000632","details":"dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later; the affected ranges in this record also list 2.0.3 as the fixed release for the 2.0.x line.","aliases":["GHSA-6pcc-3rfx-4gpm"],"modified":"2026-05-18T11:33:57.165489Z","published":"2018-08-20T19:31:31.230Z","related":["SUSE-SU-2018:2861-1","SUSE-SU-2018:2863-1","SUSE-SU-2018:3424-1","openSUSE-SU-2018:4045-1","openSUSE-SU-2024:10724-1"],"database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:flexcube_investor_servicing","extracted_events":[{"last_affected":"12.0.4"},{"last_affected":"12.1.0"},{"last_affected":"12.3.0"},{"last_affected":"12.4.0"},{"last_affected":"14.0.0"}],"cpes":["cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:primavera_p6_enterprise_project_portfolio_management","extracted_events":[{"introduced":"16.1.0.0"},{"last_affected":"16.2.20.1"},{"introduced":"17.1.0.0"},{"last_affected":"17.12.17.1"},{"introduced":"18.1.0.0"},{"last_affected":"18.8.19.0"},{"introduced":"19.12.0.0"},{"last_affected":"19.12.6.0"}],"cpes":["cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:rapid_planning","extracted_events":[{"last_affected":"12.1"},{"
last_affected":"12.2"}],"cpes":["cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:retail_integration_bus","extracted_events":[{"last_affected":"15.0"},{"last_affected":"16.0"}],"cpes":["cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"oracle:utilities_framework","extracted_events":[{"introduced":"4.3.0.2.0"},{"last_affected":"4.3.0.6.0"},{"last_affected":"2.2.0"},{"last_affected":"4.2.0.2.0"},{"last_affected":"4.2.0.3.0"},{"last_affected":"4.4.0.0.0"},{"last_affected":"4.4.0.2"}],"cpes":["cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"redhat:jboss_enterprise_application_platform","extracted_events":[{"last_affected":"6.0.0"},{"last_affected":"6.4.0"},{"last_affected":"7.1.0"},{"last_affected":"6.0.0"},{"last_affected":"6.4.0"}],"cpes":["cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"redhat:satellite","extracted_events":[{"last_affected":"6.6"}],"cpes":["cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD"},{"vendor_product":"redhat:satellite_capsule","extracted_events":[{"last_affected":"6.6"}],"cpes":["cpe:2.3:a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/00571f362a7a2
470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0362"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0364"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0365"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:0380"},{"type":"ADVISORY","url":"https:
//access.redhat.com/errata/RHSA-2019:1159"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1160"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1161"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1162"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3172"},{"type":"ADVISORY","url":"https://github.com/dom4j/dom4j/issues/48"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190530-0001/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"FIX","url":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"type":"FIX","url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"type":"EVIDENCE","url":"https://ihacktoprotect.com/post/dom4j-xml-injection/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dom4j/dom4j","events":[{"introduced":"a4d39926ff08656e4cf86c37f3246029c4e9122b"},{"fixed":"177069f0e96a40ddab5ab7f41519ec29e5a39652"},{"introduced":"9b141527f6715dc2f3462cb6531ed6529a5d3008"},{"fixed":"b408f43b5abc0b0f408819e620bd69e72248352f"},{"fixed":"e598eb43d418744c4dbf62f647dd2381c9ce9387"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"fixed":"2.0.3"},{"introduced":"2.1.0"},{"fixed":"2.1.1"}],"cpe":"cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["version-2.0.2","version-2.1.0","version-2.0.1","version-2.0.0","v2.0.0"],"database_specific":{"vanir_signatures_modified":"2026-05-18T11:33:57Z","vanir_signatures":[{"signature_type":"Function","digest":{"length":327,"function_hash":"199325550788090166794109819653578629307"},"deprecated":false,"target":{"function":"get","file":"src/main/java/org/dom4j/tree/Q
NameCache.java"},"signature_version":"v1","id":"CVE-2018-1000632-35488c68","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["314198188812661398941202424502439283026","82741579659803731321705998136504987739","151797185316034688866896672041363997013","199636037147929886189862213997516158628"]},"deprecated":false,"target":{"file":"src/main/java/org/dom4j/Namespace.java"},"signature_version":"v1","id":"CVE-2018-1000632-3bd6d515","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["147422418505375895194094920885579697205","168608690976820459163785128903439418592","285563659170242935906162937712434995479","267323759805984201773350446167363660338"]},"deprecated":false,"target":{"file":"src/main/java/org/dom4j/tree/QNameCache.java"},"signature_version":"v1","id":"CVE-2018-1000632-4648bb49","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Function","digest":{"length":193,"function_hash":"275065499305021125980377239777979989974"},"deprecated":false,"target":{"function":"QName","file":"src/main/java/org/dom4j/QName.java"},"signature_version":"v1","id":"CVE-2018-1000632-4d9be67a","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Function","digest":{"length":1013,"function_hash":"222350788314292880775679495024051012376"},"deprecated":false,"target":{"function":"escapeElementEntities","file":"src/main/java/org/dom4j/io/XMLWriter.java"},"signature_version":"v1","id":"CVE-2018-1000632-8fda56a5","source":"https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f"},{"signature_type":"Function","digest":{"length":156,"function_hash":"50164286232166251017957768309715539050"},"deprecated":false,"target":{"function":"QName","file":"src/mai
n/java/org/dom4j/QName.java"},"signature_version":"v1","id":"CVE-2018-1000632-91a793ae","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["236725648184904110617248220882872560481","223933174473266758575948796598846298948","123995894774033409981594757100304515585","277477800638228186424227467503674312602"]},"deprecated":false,"target":{"file":"src/main/java/org/dom4j/io/XMLWriter.java"},"signature_version":"v1","id":"CVE-2018-1000632-b4384177","source":"https://github.com/dom4j/dom4j/commit/b408f43b5abc0b0f408819e620bd69e72248352f"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["159068995644970077640297364713887969558","80789274561771364052924301408417159154","151816500673044903496109026899881602596","59332901774669520718939558736875745473","280096135076175038850825573070871643726","214913607474329058805161896514755869583","42351094760623045212581057695845210285","168930601465629580222610550953789028778","91625039504964879982004240932877008270","235041418355810679284335301429235532350","30821750415135255648048159171374174012","85346269660141706510647755255497829709","113698993995322993817647003012983568741","255488862362652146981607753092155544836","290124909029656121859884563217930534750","261387688273661779705760898402365817095","109320987176496713575563761446899179581","257960915943106047139086468834030106362"]},"deprecated":false,"target":{"file":"src/main/java/org/dom4j/QName.java"},"signature_version":"v1","id":"CVE-2018-1000632-b4519614","source":"https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387"},{"signature_type":"Function","digest":{"length":138,"function_hash":"206188708269763143262114288589286603567"},"deprecated":false,"target":{"function":"Namespace","file":"src/main/java/org/dom4j/Namespace.java"},"signature_version":"v1","id":"CVE-2018-1000632-c731c98f","source":"https://github.com/dom4j/dom4j/com
mit/e598eb43d418744c4dbf62f647dd2381c9ce9387"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000632.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}