PT-2022-16153 · Unknown · Xlsx-Streamer
Pjfanning · Published 2022-03-02 · Updated 2023-07-24 · CVE-2022-23640
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
xlsx-streamer versions prior to 2.1.0
Description
The XML parser used in Excel-Streaming-Reader did not apply all the settings needed to prevent XML Entity Expansion issues. The problem is resolved by upgrading to version 2.1.0. There is no known workaround.
Recommendations
Upgrade to version 2.1.0 to receive the patch. Because there is no known workaround, upgrading is the recommended way to mitigate the risk associated with this issue.
Exploit
Fix
XML Entity Expansion
XXE
Affected Products
Xlsx-Streamer