Security Advisory

CVE-2019-12415

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-23 19:27:20

Last updated 2024-08-04 23:17:40

Assigner apache

State PUBLISHED

Description

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

← Browse all CVEs View on cve.org ↗