dom4j:dom4j@1.6.1 vulnerabilities

latest version

20040902.021138

first published

19 years ago

latest version published

19 years ago

licenses detected

Dom4J
[1.1,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the dom4j:dom4j package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H XML External Entity (XXE) Injection dom4j:dom4j is a flexible XML framework for Java. Note: this artifact has been deprecated for `org.dom4j:dom4j`. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. By using the default `SaxReader()` provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. How to fix XML External Entity (XXE) Injection? There is no fixed version for `dom4j:dom4j`.	[0,)
H XML External Entity (XXE) Injection dom4j:dom4j is a flexible XML framework for Java. Note: this artifact has been deprecated for `org.dom4j:dom4j`. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper validation of the `QName` inputs. How to fix XML External Entity (XXE) Injection? There is no fixed version for `dom4j:dom4j`.	[0,)

XML External Entity (XXE) Injection

dom4j:dom4j is a flexible XML framework for Java. Note: this artifact has been deprecated for org.dom4j:dom4j.

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. By using the default SaxReader() provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for dom4j:dom4j.

[0,)