XML Injection vulnerability was found in dom4j in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document.
Upstream issue: https://github.com/dom4j/dom4j/issues/48
Upstream patch: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
References: https://ihacktoprotect.com/post/dom4j-xml-injection/
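For callers that cannot yet move to a fixed dom4j build, one mitigation is to validate every externally supplied name before it reaches addElement or addAttribute. The sketch below is an added example, not code from dom4j or from this bug report; the class XmlNameCheck and its methods are hypothetical names, and it uses only the JDK to check a string against the XML 1.0 Name rules.

```java
public class XmlNameCheck {
    static boolean in(int c, int lo, int hi) { return c >= lo && c <= hi; }

    // XML 1.0 (5th ed.) NameStartChar, minus ':' so that each part is an NCName.
    static boolean isNameStart(int c) {
        return in(c, 'A', 'Z') || c == '_' || in(c, 'a', 'z')
            || in(c, 0xC0, 0xD6) || in(c, 0xD8, 0xF6) || in(c, 0xF8, 0x2FF)
            || in(c, 0x370, 0x37D) || in(c, 0x37F, 0x1FFF) || in(c, 0x200C, 0x200D)
            || in(c, 0x2070, 0x218F) || in(c, 0x2C00, 0x2FEF) || in(c, 0x3001, 0xD7FF)
            || in(c, 0xF900, 0xFDCF) || in(c, 0xFDF0, 0xFFFD) || in(c, 0x10000, 0xEFFFF);
    }

    static boolean isNameChar(int c) {
        return isNameStart(c) || c == '-' || c == '.' || in(c, '0', '9')
            || c == 0xB7 || in(c, 0x300, 0x36F) || in(c, 0x203F, 0x2040);
    }

    static boolean isNCName(String s) {
        if (s == null || s.isEmpty()) return false;
        int first = s.codePointAt(0);
        if (!isNameStart(first)) return false;
        for (int i = Character.charCount(first); i < s.length(); ) {
            int c = s.codePointAt(i);          // handles supplementary characters
            if (!isNameChar(c)) return false;  // rejects spaces, quotes, '<', '=', ...
            i += Character.charCount(c);
        }
        return true;
    }

    // QName: a single NCName, or prefix:local with exactly one colon.
    static boolean isQName(String s) {
        if (s == null) return false;
        int colon = s.indexOf(':');
        if (colon < 0) return isNCName(s);
        return isNCName(s.substring(0, colon)) && isNCName(s.substring(colon + 1));
    }

    // Intended use (assumption): element.addAttribute(requireQName(key), value);
    static String requireQName(String name) {
        if (!isQName(name)) throw new IllegalArgumentException("invalid XML name");
        return name;
    }

    public static void main(String[] args) {
        String[] samples = {"title", "xs:element", "a b", "x=\"y", "9lives", "a:b:c"}; // constructed
        for (String n : samples)
            System.out.println(String.format("%-12s %s", n, isQName(n) ? "ok" : "rejected"));
    }
}
```

Only names are checked here; attribute values and text content are a separate concern and rely on the serializer's escaping.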
Created dom4j tracking bugs for this issue: Affects: fedora-all [bug 1620535]
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0362
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Via RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0364
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Via RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0365
This issue has been addressed in the following products: Red Hat Single Sign-On 7.2.6 zip Via RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:0380
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Via RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162
This vulnerability is out of security support scope for the following products:
* Red Hat JBoss Operations Network 3
* Red Hat JBoss Fuse 6
* Red Hat JBoss Fuse Service Works 6
* Red Hat JBoss SOA Platform 5
* Red Hat JBoss BRMS 5
* Red Hat JBoss BRMS 6
* Red Hat JBoss BPM Suite 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
This issue has been addressed in the following products: Red Hat Satellite 6.6 for RHEL 7 Via RHSA-2019:3172 https://access.redhat.com/errata/RHSA-2019:3172
This issue has been addressed in the following products: Red Hat Fuse 7.7.0 Via RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192