GHSA-q56h-jjj6-52mf

Source

https://github.com/advisories/GHSA-q56h-jjj6-52mf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q56h-jjj6-52mf/GHSA-q56h-jjj6-52mf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-q56h-jjj6-52mf

Aliases

CVE-2014-3529

Published

2022-05-17T01:24:40Z

Modified

2024-12-08T05:29:38.053062Z

Summary

Improper Restriction of XML External Entity Reference in Apache POI

Details

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Database specific

{
    "nvd_published_at": "2014-09-04T17:55:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:42:15Z"
}

References

Affected packages

Maven / org.apache.poi:poi

Package

Name: org.apache.poi:poi; View open source insights on deps.dev
Purl: pkg:maven/org.apache.poi/poi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.10.1

Affected versions

3.*

3.0-FINAL

3.0.1-FINAL

3.0.2-beta1

3.0.2-beta2

3.0.2-FINAL

3.1-beta1

3.1-beta2

3.1-FINAL

3.2-FINAL

3.5-beta1

3.5-beta3

3.5-beta4

3.5-beta5

3.5-beta6

3.5-FINAL

3.6

3.7-beta1

3.7-beta2

3.7-beta3

3.7

3.8-beta1

3.8-beta2

3.8-beta3

3.8-beta4

3.8-beta5

3.8

3.9

3.10-beta1

3.10-beta2

3.10-FINAL