Описание
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Virtualization 3 | jasperreports-server-pro | Not affected | ||
| Red Hat JBoss BPMS 6.3.0 | poi | Not affected | ||
| Red Hat JBoss BRMS 5.3.1 | poi | Not affected | ||
| Red Hat JBoss BRMS 6.3.0 | poi | Not affected | ||
| Red Hat JBoss Data Virtualization 6.2.4 | poi | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | poi | Not affected | ||
| Red Hat JBoss Portal Platform 6.2.0 | poi | Not affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
7.1 High
CVSS2
Связанные уязвимости
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
7.5 High
CVSS3
7.1 High
CVSS2