Description
The SAX parser that Apache POI before 3.10.1 uses to read the Open Packaging Conventions (OPC) parts of OpenXML files resolves XML external entities. A remote attacker who can get a crafted OpenXML file processed by the application (one whose XML contains an external entity declaration together with a reference to that entity) can read arbitrary files from the system that parses the document. This is an XML External Entity (XXE) issue.
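The following is an added example and not code from the advisory or from Apache POI. It shows the mechanism in isolation: a constructed XML part of the kind an attacker would place inside an OpenXML package, parsed once with a default SAX configuration (which resolves the external entity and returns the referenced file's contents as text) and once with a hardened configuration that rejects any DOCTYPE. It also shows a simple pre-parse check that scans the ZIP container for parts carrying a DOCTYPE or ENTITY declaration, which well-formed OOXML never needs. The package built in memory, the class and method names, and the target path `file:///etc/hostname` are all assumptions made for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class OoxmlXxeDemo {

    // Constructed sample part: an external entity declaration plus a reference to it.
    // In a real attack this would sit inside a part of the OPC package (e.g. [Content_Types].xml).
    static final String MALICIOUS_PART =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE x [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n"
        + "<root>&xxe;</root>\n";

    // Insecure: a default SAXParserFactory resolves external entities when it expands &xxe;.
    static SAXParser defaultParser() throws Exception {
        return SAXParserFactory.newInstance().newSAXParser();
    }

    // Hardened: forbid DOCTYPE declarations outright and disable external entity / DTD loading.
    // These are standard Xerces/JAXP feature names, not POI API calls.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f.newSAXParser();
    }

    // Parse the XML and collect character data. With the default parser the body of the
    // entity (the target file's contents) ends up in the returned string.
    static String parseText(SAXParser parser, String xml) throws Exception {
        StringBuilder text = new StringBuilder();
        parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int len) {
                text.append(ch, start, len);
            }
        });
        return text.toString();
    }

    // Build a minimal OPC-style ZIP package in memory containing the malicious part (constructed input).
    static byte[] buildPackage(String contentTypesXml) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            zos.putNextEntry(new ZipEntry("[Content_Types].xml"));
            zos.write(contentTypesXml.getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }
        return bos.toByteArray();
    }

    // Defensive pre-check: list every XML part of the package that carries a DOCTYPE or ENTITY
    // declaration. Legitimate OOXML parts contain neither, so any hit is reason to reject the file.
    static List<String> partsWithDoctype(byte[] pkg) throws IOException {
        List<String> hits = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(new ByteArrayInputStream(pkg))) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                String name = entry.getName();
                if (!(name.endsWith(".xml") || name.endsWith(".rels"))) continue;
                String body = new String(zis.readAllBytes(), StandardCharsets.UTF_8);
                if (body.contains("<!DOCTYPE") || body.contains("<!ENTITY")) hits.add(name);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        byte[] pkg = buildPackage(MALICIOUS_PART);
        System.out.println("parts with DOCTYPE/ENTITY: " + partsWithDoctype(pkg));

        try {
            System.out.println("default parser leaked: " + parseText(defaultParser(), MALICIOUS_PART).trim());
        } catch (Exception e) {
            // On a host without /etc/hostname the resolver fails instead; the attempt itself is the point.
            System.out.println("default parser tried to resolve the entity: " + e);
        }

        try {
            parseText(hardenedParser(), MALICIOUS_PART);
        } catch (SAXException e) {
            System.out.println("hardened parser rejected the DOCTYPE: " + e.getMessage());
        }
    }
}
```

The ZIP scan is a cheap gate for untrusted uploads, but it is not a substitute for the fix: the parser configuration is what actually stops entity resolution, and it must be applied to every parser that touches package parts, not only the one reading the main document.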
Remediation
Upgrade to Apache POI 3.10.1 or later, which fixes this issue (see the release notes and changelog referenced below). Until the upgrade is in place, do not process OpenXML files from untrusted sources with the affected versions.
References
http://poi.apache.org/changes.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/60419
http://secunia.com/advisories/61766
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69647
http://www.securityfocus.com/bid/78018
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
Related Vulnerabilities
CVE-2019-20174 Vulnerability in npm package auth0-lock
CVE-2015-3191 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2023-37277 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-war
CVE-2023-50767 Vulnerability in maven package org.sonatype.nexus.ci:nexus-jenkins-plugin
CVE-2023-27987 Vulnerability in maven package org.apache.linkis:linkis-cli-application