If you're processing a specially crafted docx/xlsx/pptx (and their macro
brethren), you could be vulnerable to:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
POI-colleagues, please correct me if I'm wrong, but you'd trigger this if you
ran an extractor or even if you jus
Hi,
the vulnerability was concerning the XML parsing of files in the newer
Microsoft document formats (i.e. xlsx, docx, pptx, ...). These files are
actually zip-files with a bunch of XML-files inside. There was a
possibility to create a specially crafted xml-file as part of such a file
POI could g
