Описание
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.10.1-1 |
| cosmic | not-affected | 3.10.1-1 |
| devel | not-affected | 3.10.1-1 |
| disco | not-affected | 3.10.1-1 |
| esm-apps/bionic | not-affected | 3.10.1-1 |
| esm-apps/xenial | not-affected | 3.10.1-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | DNE | |
| precise | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers ...
Improper Restriction of XML External Entity Reference in Apache POI
EPSS
4.3 Medium
CVSS2