3 matches found
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
CVE-2022-23640
CVE-2022-23640 affects Excel-Streaming-Reader (xlsx-streamer) prior to version 2.1.0, where the XML parser did not apply necessary settings to prevent XML Entity Expansion (XML Bombs). The issue enables potential impact on confidentiality, integrity, and availability (high severity in CVSS 3.1), ...