Dom4j_project Dom4j
2 CVEs affecting Dom4j_project Dom4j. Latest disclosed: 2020-05-01. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-10683 | Critical | 9.8 | 2020-05-01 | dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular exte… |
CVE-2018-1000632 | High | 7.5 | 2018-08-20 | dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an… |