CVE-2018-1000632

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-1000632
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000632.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1000632
Aliases
Downstream
Related
Published
2018-08-20T19:31:31.230Z
Modified
2026-06-18T04:04:13.730888177Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "16.1.0.0"
                },
                {
                    "last_affected": "16.2.20.1"
                },
                {
                    "introduced": "17.1.0.0"
                },
                {
                    "last_affected": "17.12.17.1"
                },
                {
                    "introduced": "18.1.0.0"
                },
                {
                    "last_affected": "18.8.19.0"
                },
                {
                    "introduced": "19.12.0.0"
                },
                {
                    "last_affected": "19.12.6.0"
                }
            ],
            "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management"
        },
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "4.3.0.2.0"
                },
                {
                    "last_affected": "4.3.0.6.0"
                }
            ],
            "vendor_product": "oracle:utilities_framework"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "vendor_product": "debian:debian_linux"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "12.0.4"
                },
                {
                    "last_affected": "12.1.0"
                },
                {
                    "last_affected": "12.3.0"
                },
                {
                    "last_affected": "12.4.0"
                },
                {
                    "last_affected": "14.0.0"
                }
            ],
            "vendor_product": "oracle:flexcube_investor_servicing"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "12.1"
                },
                {
                    "last_affected": "12.2"
                }
            ],
            "vendor_product": "oracle:rapid_planning"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "16.0"
                }
            ],
            "vendor_product": "oracle:retail_integration_bus"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "2.2.0"
                },
                {
                    "last_affected": "4.2.0.2.0"
                },
                {
                    "last_affected": "4.2.0.3.0"
                },
                {
                    "last_affected": "4.4.0.0.0"
                },
                {
                    "last_affected": "4.4.0.2"
                }
            ],
            "vendor_product": "oracle:utilities_framework"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.0.0"
                },
                {
                    "last_affected": "6.4.0"
                },
                {
                    "last_affected": "7.1.0"
                },
                {
                    "last_affected": "6.0.0"
                },
                {
                    "last_affected": "6.4.0"
                }
            ],
            "vendor_product": "redhat:jboss_enterprise_application_platform"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.6"
                }
            ],
            "vendor_product": "redhat:satellite"
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "6.6"
                }
            ],
            "vendor_product": "redhat:satellite_capsule"
        }
    ]
}
References

Affected packages

Git / github.com/dom4j/dom4j

Affected ranges

Type
GIT
Repo
https://github.com/dom4j/dom4j
Events
Introduced
a4d39926ff08656e4cf86c37f3246029c4e9122b
Fixed
177069f0e96a40ddab5ab7f41519ec29e5a39652
Introduced
9b141527f6715dc2f3462cb6531ed6529a5d3008
Fixed
b408f43b5abc0b0f408819e620bd69e72248352f
Fixed
e598eb43d418744c4dbf62f647dd2381c9ce9387
Database specific 
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.3"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.1"
        }
    ],
    "cpe": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*"
}

Affected versions

v2.*
v2.0.0
version-2.*
version-2.0.0
version-2.0.1
version-2.0.2
version-2.1.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000632.json"