Описание
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | needs-triage | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...
Improper Restriction of XML External Entity Reference in Apache POI
Уязвимость набора инструментов XSSFExportToXml Java-библиотеки для чтения и записи документов MS Office Apache POI, позволяющая нарушителю получить несанкционированный доступ на чтение файлов
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3