The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Advisories
Source ID Title
EUVD EUVD EUVD-2022-4891 The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Github GHSA Github GHSA GHSA-q56h-jjj6-52mf Improper Restriction of XML External Entity Reference in Apache POI
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T10:50:16.343Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3529

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-09-04T17:55:05.623

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-3529

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-08-18T00:00:00Z

Links: CVE-2014-3529 - Bugzilla

cve-icon OpenCVE Enrichment

No data.