PT-2019-4677 · Apache · Apache Poi

Published

2019-10-20

·

Updated

2022-05-24

·

CVE-2019-12415

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache POI versions up to and including 4.1.0 (fixed in 4.1.1)

Description

The XSSFExportToXml tool in Apache POI converts user-provided Microsoft Excel (.xlsx) workbooks to XML. It parsed XML embedded in the workbook with a parser that did not restrict XML external entities, so a specially crafted workbook could make the processing application resolve attacker-declared entities and thereby read files from the local filesystem or reach internal network resources (XML External Entity, XXE, processing). The impact is confidentiality only; the CVSS vector reflects that the attacker must get the crafted document processed locally.

Recommendations

Upgrade Apache POI to version 4.1.1 or later, which restricts external entity resolution in XSSFExportToXml. If upgrading is not immediately possible, do not pass untrusted workbooks to XSSFExportToXml (disable or remove the feature), and run the converting process with least privilege so that the files and internal network resources it can reach are limited.

Exploit

Fix

XXE


Weakness Enumeration

Related Identifiers

BDU:2020-00970
CVE-2019-12415
GHSA-9JWC-Q6J3-8G9G

Affected Products

Apache Poi
Debian