Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.poi:poi (Maven) | 0 | 3.10.1 | N/A |
| org.apache.poi:poi (Maven) | 3.11-beta1 | 3.11-beta2 | N/A |