In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T23:17:40.071Z

Reserved: 2019-05-28T00:00:00

Link: CVE-2019-12415

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-23T20:15:12.707

Modified: 2024-11-21T04:22:47.553

Link: CVE-2019-12415

cve-icon Redhat

Severity : Low

Publid Date: 2020-02-13T00:00:00Z

Links: CVE-2019-12415 - Bugzilla

cve-icon OpenCVE Enrichment

No data.