CVE-2014-3529 – org.apache.poi:poi
Package
Manager: maven
Name: org.apache.poi:poi
Vulnerable Version: >=0 <3.10.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS: 0.04546 (percentile: 0.88749)
Details
Improper Restriction of XML External Entity Reference in Apache POI
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Metadata
Created: 2022-05-17T01:24:40Z
Modified: 2024-04-16T16:27:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q56h-jjj6-52mf/GHSA-q56h-jjj6-52mf.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-q56h-jjj6-52mf
Finding: F083
Auto approve: 1