CVE-2016-5000

Name of the Vulnerable Software and Affected Versions Apache POI versions prior to 3.14

Description The issue allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This is a type of attack where an application parses XML input that contains an external entity declaration, allowing an attacker to access local or remote resources.

Recommendations For versions prior to 3.14, update to version 3.14 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external entities in OpenXML documents to minimize the risk of exploitation.