Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.0.1-1~18.03", "binary_name": "libapache-poi-java" }, { "binary_version": "4.0.1-1~18.03", "binary_name": "libapache-poi-java-doc" } ] }