In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-10-23T19:27:20
Updated: 2021-10-20T10:38:23
Reserved: 2019-05-28T00:00:00
Link: CVE-2019-12415
JSON object: View
NVD Information
Status : Modified
Published: 2019-10-23T20:15:12.707
Modified: 2023-11-07T03:03:34.267
Link: CVE-2019-12415
JSON object: View
Redhat Information
No data.
CWE