Critical severity · NVD Advisory · Published Mar 2, 2022 · Updated Apr 23, 2025

Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader

CVE-2022-23640

Description

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| com.monitorjbl:xlsx-streamer | Maven | < 2.1.0 | 2.1.0 |
