Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Vulnerability Description
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Excel-Streaming-Reader 代码问题漏洞
Vulnerability Description
Excel-Streaming-Reader是一个使用 Apache POI 的流式 Excel 阅读器。 Excel-Streaming-Reader 2.1.0之前版本存在代码问题漏洞,该漏洞源于软件所使用的XML解析器缺少了某些必要的设置,导致XML实体扩展问题。
CVSS Information
N/A
Vulnerability Type
N/A