Vulnerabilities

CVE-2019-12415

by Fred · 23/10/2019

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Date published : 2019-10-23

https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E

https://www.oracle.com//security-alerts/cpujul2021.html

Similar

Tags: Cybersecurity Alert