Medium severity5.5NVD Advisory· Published Aug 5, 2016· Updated May 6, 2026
CVE-2016-5000
CVE-2016-5000
Description
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.poi:poi-examplesMaven | < 3.14 | 3.14 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/advisories/GHSA-pmqq-7wfv-jfffghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-5000ghsaADVISORY
- www-01.ibm.com/support/docview.wssnvdWEB
- lists.apache.org/list.htmlghsaWEB
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdWEB
- www.securityfocus.com/archive/1/538981/100/0/threadednvd
- www.securityfocus.com/bid/92100nvd
- www.securitytracker.com/id/1037741nvd
- lists.apache.org/list.htmlnvd
News mentions
0No linked articles in our index yet.