Описание
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Impact
Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues.
Patches
Upgrade to version 2.1.0.
Workarounds
No known workaround.
References
https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73
For more information
If you have any questions or comments about this advisory:
- Open an issue in monitorjbl/excel-streaming-reader
Пакеты
com.monitorjbl:xlsx-streamer
< 2.1.0
2.1.0
Связанные уязвимости
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.