Posted to dev@poi.apache.org by bu...@apache.org on 2015/06/17 14:09:19 UTC
[Bug 58046] New: XML Entity expansion / injection possible
https://bz.apache.org/bugzilla/show_bug.cgi?id=58046
Bug ID: 58046
Summary: XML Entity expansion / injection possible
Product: POI
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: POI Overall
Assignee: dev@poi.apache.org
Reporter: dkwakkel@gmail.com
Created attachment 32831
--> https://bz.apache.org/bugzilla/attachment.cgi?id=32831&action=edit
scan report
There are several places where XML entity expansion / injection is possible. See
the attached report.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org
[Bug 58046] XML Entity expansion / injection possible
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=58046
Dominik Stadler <do...@gmx.at> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #1 from Dominik Stadler <do...@gmx.at> ---
The main classes in POI do take care to handle this correctly. All the items
reported as "high" in the report are related to development/sample/scratchpad
classes which are provided as showcases for how to use POI and are not intended
for production use without further adjustments.
Please reopen if you think there is an actual vulnerability in code that is
part of the core POI functionality.