RobertHathaway created SOLR-13113:
-------------------------------------
Summary: CVE-2018-1000632 Threat Level 7 Against Solr v7.6.
dom4j : dom4j : 1.6.1. dom4j version prior to version 2.1.1 contains a CWE-91:
XML Injection vulnerability in Class: Element. Methods: addElement,
addAttribute ...
Key: SOLR-13113
URL: https://issues.apache.org/jira/browse/SOLR-13113
Project: Solr
Issue Type: Bug
Security Level: Public (Default Security Level. Issues are Public)
Environment: RedHat Linux. May run from RHEL versions 5, 6 or 7 but
this issue is from Sonatype component scan and should be independent of Linux
platform version.
Reporter: RobertHathaway
We can't move to Solr 7 without fixing this issue flagged by Sonatype scan of
Solr - 7.6.0 build,
using Scanner 1.56.0-01
Threat Level 7 Against Solr v7.6. dom4j : dom4j : 1.6.1
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection
vulnerability in Class: Element. Methods: addElement, addAttribute that can
result in an attacker tampering with XML documents through XML injection. This
attack appears to be exploitable via an attacker specifying attributes or
elements in the XML document. This vulnerability appears to have been fixed in
2.1.1 or later.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000632
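For triaging this finding, an added example (not part of the original issue and not Solr or Sonatype code): a Python check that reports dom4j jars older than 2.1.1, the fixed version named in the report, whether they sit on disk or are nested inside an archive. The `dom4j-<version>.jar` naming pattern and the conservative handling of suffixed builds are assumptions.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 1, 1)  # first fixed dom4j release according to the report above
# Assumption: jars follow the usual Maven naming, dom4j-<version>[-suffix].jar
JAR_RE = re.compile(r"(?:^|/)dom4j-(\d+(?:\.\d+)*)([.-][A-Za-z][\w.-]*)?\.jar$")

def parse_version(name):
    """Return (version tuple, has_suffix) for a dom4j jar path, or None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad 2.1 -> 2.1.0
    return nums, m.group(2) is not None

def is_vulnerable(name):
    """True if the name denotes dom4j older than FIXED; None if not dom4j."""
    parsed = parse_version(name)
    if parsed is None:
        return None
    nums, has_suffix = parsed
    # Assumption: a suffixed build of the fixed version (e.g. 2.1.1-RC1)
    # is conservatively treated as not yet fixed.
    return nums < FIXED or (nums == FIXED and has_suffix)

def scan(root):
    """Walk root; list old dom4j jars on disk and inside .war/.jar/.zip files."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if is_vulnerable(path.name):
            hits.append(str(path))
        elif path.suffix.lower() in (".war", ".jar", ".zip") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                hits += [f"{path}!{n}" for n in zf.namelist() if is_vulnerable(n)]
    return sorted(hits)

if __name__ == "__main__":
    # Usage: python check_dom4j.py <install-or-build-directory>
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) or "no dom4j jar older than 2.1.1 found")
    sys.exit(1 if found else 0)
```

The script exits non-zero when an old jar is found, so it can gate a build. It matches on file names only and will miss dom4j classes shaded into another jar.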