The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-08-05T14:00:00
Updated: 2020-10-20T21:14:51
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-5000
JSON object: View
NVD Information
Status : Modified
Published: 2016-08-05T14:59:10.143
Modified: 2023-11-07T02:32:52.937
Link: CVE-2016-5000
JSON object: View
Redhat Information
No data.
CWE