XML External Entity (XXE) Processing Vulnerability in Apache POI up to 4.1.0

XML External Entity (XXE) Processing Vulnerability in Apache POI up to 4.1.0

CVE-2019-12415 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Learn more about our Cis Benchmark Audit For Apache Http Server.