GHSA-78vv-qj73-h9m5

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.5

Описание

Improper Restriction of Recursive Entity References in DTDs in Apache POI

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Ссылки

Пакеты

Наименование

org.apache.poi:poi

maven

Затронутые версииВерсия исправления

< 3.15

3.15

EPSS

Процентиль: 71%

0.0066

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2017-5644

Дефекты

CWE-776

Связанные уязвимости

CVE-2017-5644

CVSS3: 5.5

ubuntu

почти 9 лет назад

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CVE-2017-5644

CVSS3: 5.5

nvd

почти 9 лет назад

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CVE-2017-5644

CVSS3: 5.5

debian

почти 9 лет назад

Apache POI in versions prior to release 3.15 allows remote attackers t ...

EPSS

Процентиль: 71%

0.0066

Низкий

5.5 Medium

CVSS3

CVE ID

CVE-2017-5644

Дефекты

CWE-776