Lucene search

K

ApacheCVELIST:CVE-2019-12415

HistoryOct 23, 2019 - 7:27 p.m.

CVE-2019-12415

2019-10-2319:27:20

apache

www.cve.org

2

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CNA Affected

[
  {
    "product": "Apache POI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache POI up to 4.1.0"
      }
    ]
  }
]

References

lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

Related for CVELIST:CVE-2019-12415

ibm15 nvd1 osv2 github1 symantec1 ubuntucve1 redhatcve1 prion1 veracode1 cve1 debiancve1 nessus7 redhat1 oracle11