[MAVEN:GHSA-XVM2-9XVC-HX7F] Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Severity
Critical
Affected Packages
1
Fixed Packages
1
CVEs
1
Impact
Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues.
Patches
Upgrade to version 2.1.0.
Workarounds
No known workaround.
References
https://github.com/monitorjbl/excel-streaming-reader/commit/0749c7b9709db078ccdeada16d46a34bc2910c73
For more information
If you have any questions or comments about this advisory:
* Open an issue in monitorjbl/excel-streaming-reader
| Package | Affected Version |
|---|---|
 pkg:maven/com.monitorjbl/xlsx-streamer
|
< 2.1.0 |
| Package | Fixed Version |
|---|---|
|
pkg:maven/com.monitorjbl/xlsx-streamer
|
= 2.1.0 |
- ID
- MAVEN:GHSA-XVM2-9XVC-HX7F
- Severity
- critical
- URL
- https://github.com/advisories/GHSA-xvm2-9xvc-hx7f
- Published
-
2022-03-02T21:30:54
(2 years ago) - Modified
-
2023-07-24T19:30:22
(14 months ago) - Rights
- Maven Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/com.monitorjbl/xlsx-streamer | com.monitorjbl |
xlsx-streamer
|
< 2.1.0 | |||
| Fixed | pkg:maven/com.monitorjbl/xlsx-streamer | com.monitorjbl |
xlsx-streamer
|
= 2.1.0 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |