CVE-2022-23640

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23640

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23640.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23640

Aliases

GHSA-xvm2-9xvc-hx7f

Published

2022-03-02T20:15:07Z

Modified

2024-05-14T11:35:48.191374Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.

References

Affected packages

Git / github.com/monitorjbl/excel-streaming-reader

Affected ranges

Type: GIT
Repo: https://github.com/monitorjbl/excel-streaming-reader
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0749c7b9709db078ccdeada16d46a34bc2910c73

Affected versions

0.*

0.1

0.2

0.2.1

0.2.10

0.2.11

0.2.12

0.2.13

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.2.9

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.1

2.*

2.0.0