- Vulnerability/
- USN-4575-1
USN-4575-1: dom4j vulnerability
First published: Tue Oct 13 2020(Updated: )
It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libdom4j-java | <1.6.1+dfsg.3-2ubuntu1.1 | 1.6.1+dfsg.3-2ubuntu1.1 |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the dom4j vulnerability?
The vulnerability ID for the dom4j vulnerability is CVE-2020-10683.
How does the dom4j vulnerability affect systems?
The dom4j vulnerability can expose sensitive data or potentially execute arbitrary code.
What software is affected by the dom4j vulnerability?
The libdom4j-java package version 1.6.1+dfsg.3-2ubuntu1.1 on Ubuntu 16.04 is affected by the dom4j vulnerability.
How can the dom4j vulnerability be fixed?
To fix the dom4j vulnerability, update the libdom4j-java package to version 1.6.1+dfsg.3-2ubuntu1.1 or higher.
Where can I find more information about the dom4j vulnerability?
More information about the dom4j vulnerability can be found at the following references: [CVE-2020-10683](https://ubuntu.com/security/CVE-2020-10683), [Ubuntu Security Notice USN-4575-1](https://ubuntu.com/security/notices/USN-4575-1).
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/title
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/16.04