CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.

**Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer**

**Package**

maven com.monitorjbl:xlsx-streamer (Maven)

**Affected versions**

< 2.1.0

**Description**

**Impact**

Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues.

**Patches**

Upgrade to version 2.1.0.

**Workarounds**

No known workaround.

**References**

0749c7b

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in monitorjbl/excel-streaming-reader

**CVE ID**

CVE-2022-23640

**GHSA ID**

GHSA-xvm2-9xvc-hx7f

**CWEs**

Headline

CVE-2022-23640: Build software better, together

CVE: Latest News