USN-4575-1: dom4j vulnerability

Q: What is the vulnerability ID for the dom4j vulnerability?

The vulnerability ID for the dom4j vulnerability is CVE-2020-10683.

Q: How does the dom4j vulnerability affect systems?

The dom4j vulnerability can expose sensitive data or potentially execute arbitrary code.

Q: What software is affected by the dom4j vulnerability?

The libdom4j-java package version 1.6.1+dfsg.3-2ubuntu1.1 on Ubuntu 16.04 is affected by the dom4j vulnerability.

Q: How can the dom4j vulnerability be fixed?

To fix the dom4j vulnerability, update the libdom4j-java package to version 1.6.1+dfsg.3-2ubuntu1.1 or higher.

Q: Where can I find more information about the dom4j vulnerability?

More information about the dom4j vulnerability can be found at the following references: [CVE-2020-10683](https://ubuntu.com/security/CVE-2020-10683), [Ubuntu Security Notice USN-4575-1](https://ubuntu.com/security/notices/USN-4575-1).

Published Oct 13, 2020

Updated

It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. (CVE-2020-10683)

Affected Software

2 affected componentsFixes available

All of the following

ubuntu/libdom4j-java<1.6.1+dfsg.3-2ubuntu1.1

1.6.1+dfsg.3-2ubuntu1.1

Ubuntu Ubuntu=16.04

Event History

Oct 13, 2020

Advisory Published

via Ubuntu·12:00 AM

Child vulnerabilities

Contains the following vulnerabilities.

CVE-2020-10683

Frequently Asked Questions

What is the vulnerability ID for the dom4j vulnerability?

The vulnerability ID for the dom4j vulnerability is CVE-2020-10683.

How does the dom4j vulnerability affect systems?

The dom4j vulnerability can expose sensitive data or potentially execute arbitrary code.

What software is affected by the dom4j vulnerability?

The libdom4j-java package version 1.6.1+dfsg.3-2ubuntu1.1 on Ubuntu 16.04 is affected by the dom4j vulnerability.

How can the dom4j vulnerability be fixed?