Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12415 | 1 Apache | 1 Poi | 2021-10-20 | 2.1 LOW | 5.5 MEDIUM |
| In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | |||||
| CVE-2016-5000 | 1 Apache | 1 Poi | 2020-10-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2017-5644 | 1 Apache | 1 Poi | 2020-10-20 | 7.1 HIGH | 5.5 MEDIUM |
| Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | |||||