CVE-2020-10683

Source
https://cve.org/CVERecord?id=CVE-2020-10683
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10683.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-10683
Aliases
Downstream
Related
Published
2020-05-01T19:15:12.927Z
Modified
2026-06-18T04:04:48.227378395Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

Database specific
{
    "unresolved_ranges": [
        {
            "vendor_product": "oracle:banking_platform",
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "last_affected": "2.10.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.2.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:communications_diameter_signaling_router"
        },
        {
            "vendor_product": "oracle:documaker",
            "extracted_events": [
                {
                    "introduced": "12.6.0"
                },
                {
                    "last_affected": "12.6.4"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "oracle:financial_services_analytical_applications_infrastructure",
            "extracted_events": [
                {
                    "introduced": "8.0.6"
                },
                {
                    "last_affected": "8.1.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "11.1.0"
                },
                {
                    "last_affected": "11.3.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:insurance_policy_administration_j2ee"
        },
        {
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "11.1.0"
                },
                {
                    "last_affected": "11.3.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:insurance_rules_palette"
        },
        {
            "vendor_product": "oracle:primavera_p6_enterprise_project_portfolio_management",
            "extracted_events": [
                {
                    "introduced": "16.1.0.0"
                },
                {
                    "last_affected": "16.2.20.1"
                },
                {
                    "introduced": "17.1.0.0"
                },
                {
                    "last_affected": "17.12.17.1"
                },
                {
                    "introduced": "18.1.0.0"
                },
                {
                    "last_affected": "18.8.19.0"
                },
                {
                    "introduced": "19.12.0.0"
                },
                {
                    "last_affected": "19.12.6.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "oracle:utilities_framework",
            "extracted_events": [
                {
                    "introduced": "4.3.0.1.0"
                },
                {
                    "last_affected": "4.3.0.6.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "vendor_product": "canonical:ubuntu_linux",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "cpes": [
                "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "cpes": [
                "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "opensuse:leap"
        },
        {
            "vendor_product": "oracle:agile_plm",
            "extracted_events": [
                {
                    "last_affected": "9.3.3"
                },
                {
                    "last_affected": "9.3.5"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "13.3.0.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:application_testing_suite"
        },
        {
            "vendor_product": "oracle:business_process_management_suite",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:communications_application_session_controller",
            "extracted_events": [
                {
                    "last_affected": "3.9m0p1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:communications_unified_inventory_management",
            "extracted_events": [
                {
                    "last_affected": "7.3.0"
                },
                {
                    "last_affected": "7.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:data_integrator",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "3.2.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:endeca_information_discovery_integrator"
        },
        {
            "vendor_product": "oracle:enterprise_data_quality",
            "extracted_events": [
                {
                    "last_affected": "11.1.1.9.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:enterprise_manager_base_platform",
            "extracted_events": [
                {
                    "last_affected": "13.4.0.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:flexcube_core_banking",
            "extracted_events": [
                {
                    "last_affected": "11.7.0"
                },
                {
                    "last_affected": "11.8.0"
                },
                {
                    "last_affected": "11.9.0"
                },
                {
                    "last_affected": "11.10.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:fusion_middleware",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:health_sciences_empirica_signal"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "3.0.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:health_sciences_information_manager"
        },
        {
            "vendor_product": "oracle:insurance_policy_administration_j2ee",
            "extracted_events": [
                {
                    "last_affected": "10.2.0"
                },
                {
                    "last_affected": "10.2.4"
                },
                {
                    "last_affected": "11.0.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:insurance_rules_palette",
            "extracted_events": [
                {
                    "last_affected": "10.2.0"
                },
                {
                    "last_affected": "10.2.4"
                },
                {
                    "last_affected": "11.0.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:jdeveloper",
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:rapid_planning",
            "extracted_events": [
                {
                    "last_affected": "12.1"
                },
                {
                    "last_affected": "12.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:retail_customer_management_and_segmentation_foundation",
            "extracted_events": [
                {
                    "last_affected": "16.0"
                },
                {
                    "last_affected": "17.0"
                },
                {
                    "last_affected": "18.0"
                },
                {
                    "last_affected": "19.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:retail_integration_bus",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "16.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:retail_order_broker",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                },
                {
                    "last_affected": "16.0"
                },
                {
                    "last_affected": "18.0"
                },
                {
                    "last_affected": "19.0"
                },
                {
                    "last_affected": "19.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:retail_price_management",
            "extracted_events": [
                {
                    "last_affected": "14.0.3"
                },
                {
                    "last_affected": "14.1.3.0"
                },
                {
                    "last_affected": "15.0.3.0"
                },
                {
                    "last_affected": "16.0.3.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:retail_xstore_point_of_service",
            "extracted_events": [
                {
                    "last_affected": "15.0.4"
                },
                {
                    "last_affected": "16.0.6"
                },
                {
                    "last_affected": "17.0.4"
                },
                {
                    "last_affected": "18.0.3"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "oracle:storagetek_tape_analytics_sw_tool",
            "extracted_events": [
                {
                    "last_affected": "2.3"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "last_affected": "2.2.0.0.0"
                },
                {
                    "last_affected": "4.2.0.2.0"
                },
                {
                    "last_affected": "4.2.0.3.0"
                },
                {
                    "last_affected": "4.4.0.0.0"
                },
                {
                    "last_affected": "4.4.0.2.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:utilities_framework"
        },
        {
            "vendor_product": "oracle:webcenter_portal",
            "extracted_events": [
                {
                    "last_affected": "11.1.1.9.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/dom4j/dom4j

Affected ranges

Type
GIT
Repo
https://github.com/dom4j/dom4j
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.3"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.3"
        }
    ],
    "cpe": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

dom4j-2.*
dom4j-2.0.0-RC1
v2.*
v2.0.0
version-2.*
version-2.0.0
version-2.0.1
version-2.0.2
version-2.0.3
version-2.1.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10683.json"