2 matches found
XML Entity Expansion
xlsx-streamer is vulnerable to XML entity expansion, also known as an XML bomb. The lack of the settings needed to prevent XML Entity Expansion issues allows an attacker to pass a malicious XML object via the XML parser...
com.crealytics:spark-excel_2.11 (>=0.9.6 <=0.11.1), com.gizbel.excel:excel-extractor (>=1.0.0 <=1.0.1) +148 more potentially affected by CVE-2022-23640 via com.monitorjbl:xlsx-streamer (>=0.2.9 <=2.0.0)
com.monitorjbl:xlsx-streamer MAVEN version =0.2.9, =0.9.6, =1.0.0, =3.0.3, =1.1.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.2 - com.webank.wedatasphere.dss:dss-appjoint-auth =0.6.0 and more Source cves: CVE-2022-23640 Source advisory: OSV:GHSA-XVM2-9XVC-HX7F...