VDB

DEBIAN-CVE-2019-12415

DEBIAN-CVE-2019-12415 PUBLISHED CVSS 5.5 MEDIUM

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14libapache-poi-java4.0.1-6, 0, 4.0.1-6
Debian:12libapache-poi-java0, 4.0.1-5, 4.0.1-6
Debian:11libapache-poi-java4.0.1-2, 4.0.1-3, 0
Debian:13libapache-poi-java0, 4.0.1-6, 0

Timeline

  • Oct 23, 2019 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›