UNKNOWN Maven
Improper Restriction of XML External Entity Reference in Apache POI
GHSA-q56h-jjj6-52mf · CVE-2014-3529
Published · Modified
Description
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3529
- WEB https://github.com/apache/poi/commit/103b45073c7b504236588b3acc146530205af53c
- WEB https://github.com/apache/poi/commit/236c3c52a9b90688b2e57ec503559409e29f33ed
- WEB https://github.com/apache/poi/commit/6050a68d5adfb4ffef1edb778add09bcee32d1c3
- WEB https://github.com/apache/poi/commit/d72bd78c19dfb7b57395a66ae8d9269d59a87bd2
- WEB https://github.com/apache/poi/commit/eabb6a924be24abb879372d0bc967e0d316b2cf8
- WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
- PACKAGE https://github.com/apache/poi
- WEB https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
- WEB http://poi.apache.org/changes.html
- WEB http://rhn.redhat.com/errata/RHSA-2014-1370.html
- WEB http://rhn.redhat.com/errata/RHSA-2014-1398.html
- WEB http://rhn.redhat.com/errata/RHSA-2014-1399.html
- WEB http://rhn.redhat.com/errata/RHSA-2014-1400.html
- WEB http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- WEB http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt