CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:32

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/list.html?user@poi.apache.org', 'name': "[users] 20160722 [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example", 'tags': ['Mailing List'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/list.html?user%40poi.apache.orgĀ -

Information

Published : 2016-08-05 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2016-5000

Mitre link : CVE-2016-5000

CVE.ORG link : CVE-2016-5000


JSON object : View

Products Affected

apache

  • poi
CWE
CWE-611

Improper Restriction of XML External Entity Reference