Taylor Jones

1 exploit Active since Mar 2022
CVE-2022-23640 WRITEUP CRITICAL WRITEUP
excel_streaming_reader < 2.1.0 - XML External Entity Injection
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.
CVSS 9.8