Hi, in ySchool/modules/spreadSheetHandler, there is a dependency org.apache.poi:poi-ooxml:3.9 that calls the risk method.
CVE-2019-12415
The affected version range of this CVE is [,4.1.0)
After further analysis, in this project, the main API called is <org.apache.poi.xssf.streaming.SXSSFCell: java.lang.String getStringCellValue()>
Risk method repair link: GitHub
CVE Bug Invocation Path--
Path Length: 2
<org.apache.poi.xssf.streaming.SXSSFCell: java.lang.String getStringCellValue()>
at <org.yarlithub.yschool.spreadSheetHandler.XLSReader: java.lang.String getStringCellValue(int)> (org.yarlithub.yschool.spreadSheetHandler.XLSReader.java:[70]) in /detect/unzip/ySchool-master/modules/spreadSheetHandler/target/classes
Dependency tree--
Suggested solutions:
Update dependency version
Thank you very much.