dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection
vulnerability in Class: Element. Methods: addElement, addAttribute that can
result in an attacker tampering with XML documents through XML injection.
This attack appear to be exploitable via an attacker specifying attributes
or elements in the XML document. This vulnerability appears to have been
fixed in 2.1.1 or later.
Source: dom4j (LP Ubuntu Debian)
Upstream:released (2.1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):released (2.1.1-1)
Ubuntu 19.04 (Disco Dingo):released (2.1.1-1)
More Information

Updated: 2019-01-14 21:28:23 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)