dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection
vulnerability in Class: Element. Methods: addElement, addAttribute that can
result in an attacker tampering with XML documents through XML injection.
This attack appear to be exploitable via an attacker specifying attributes
or elements in the XML document. This vulnerability appears to have been
fixed in 2.1.1 or later.
Source: dom4j (LP Ubuntu Debian)
Upstream:released (2.1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):released (2.1.1-1)
Ubuntu 19.04 (Disco Dingo):released (2.1.1-1)
Ubuntu 19.10 (Eoan):released (2.1.1-1)
More Information

Updated: 2019-05-15 17:16:58 UTC (commit 2d71aefac924bf16479c12958688c37878e881eb)