colearendt / xlsxjars

R package xlsxjars

Vulnerability in Apache POI #2

Open alexvorobiev opened 4 years ago

alexvorobiev commented 4 years ago

"Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack."

https://nvd.nist.gov/vuln/detail/CVE-2017-5644

Please update the jars.
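
An added example, not part of the original issue or of the xlsxjars project: a check that flags Apache POI jars older than the 3.15 release named in the quoted CVE text. It reads the version from the jar manifest's `Implementation-Version` entry when one is present and otherwise from the file name; the file names used here are constructed, and `is_affected` is a hypothetical helper name.

```python
import io
import re
import zipfile

FIXED = (3, 15)  # first unaffected release, per the CVE text quoted in the issue
POI_JAR = re.compile(r"^poi(?:-[a-z]+)*-(?=\d)", re.I)  # poi-, poi-ooxml-, ...
VERSION = re.compile(r"(\d+(?:\.\d+)+)(-?(?:alpha|beta|rc)\d*)?", re.I)


def parse_version(text):
    """Return ((major, minor, ...), is_prerelease), or None if unparseable."""
    m = VERSION.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))


def manifest_version(jar_bytes):
    """Version from the jar's Implementation-Version manifest entry, if any."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in manifest.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "implementation-version":
            return parse_version(value)
    return None


def is_affected(filename, jar_bytes=b""):
    """True/False for a POI jar; None if not a POI jar or version unknown."""
    m = POI_JAR.match(filename)
    if not m:
        return None
    # The manifest wins over the file name, which may have been renamed.
    parsed = manifest_version(jar_bytes) or parse_version(filename[m.end():])
    if parsed is None:
        return None
    numbers, prerelease = parsed
    # Assumption: a 3.15 alpha/beta/rc counts as "prior to release 3.15".
    return numbers < FIXED or (prerelease and numbers == FIXED)


if __name__ == "__main__":
    # Constructed file names, not a listing of what xlsxjars actually ships.
    for name in ["poi-3.10.1-20140818.jar", "poi-ooxml-3.15-beta2.jar",
                 "poi-ooxml-schemas-3.17.jar", "commons-codec-1.5.jar"]:
        print(f"{name}: affected={is_affected(name)}")
```
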

colearendt commented 3 years ago

Also tracking here: https://github.com/colearendt/xlsx/issues/177 and here: https://github.com/colearendt/xlsx/issues/142

With proposed fix in #1