Bug 27727

Summary: [Update Request] apache-poi
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2019-12415
Whiteboard:
Source RPM: apache-poi CVE: CVE-2019-12415
Status comment:

Description Zombie Ryushu 2020-12-04 01:31:37 CET 
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Zombie Ryushu 2020-12-04 01:32:16 CET

CVE: (none) => CVE-2019-12415

Comment 1 David Walser 2020-12-04 01:36:27 CET 
Already reported.  Please search bugzilla first!

*** This bug has been marked as a duplicate of bug 25599 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED