In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
CVE: (none) => CVE-2019-12415
Already reported. Please search bugzilla first! *** This bug has been marked as a duplicate of bug 25599 ***
Resolution: (none) => DUPLICATEStatus: NEW => RESOLVED