Lucene search

Veracode Vulnerability DatabaseVERACODE:21775

HistoryOct 24, 2019 - 7:13 a.m.

XML External Entity (XXE)

2019-10-2407:13:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

40.7%

JSON

Apache Poi is vulnerable to XML external entity (XXE). During the use of XSSFExportToXml tool to convert user-provided Microsoft Excel documents, it is possible for an attacker to parse a malicious Microsoft Excel document containing a reference to an external entity and perform requests on behalf of the server.

CPENameOperatorVersion
apache poi - api based on opc and ooxml schemaseq3.5-FINAL
apache poi - api based on opc and ooxml schemasle4.1.0

CPE	Name	Operator	Version
	apache poi - api based on opc and ooxml schemas	eq	3.5-FINAL
	apache poi - api based on opc and ooxml schemas	le	4.1.0

References

github.com/apache/poi/commit/780b078c8504719e04c26a22c1bd846f8b521022

lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E

lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/security-alerts/cpuoct2021.html

0.001 Low

EPSS

Percentile

40.7%

JSON

Related for VERACODE:21775