https://bz.apache.org/bugzilla/show_bug.cgi?id=65421
Bug ID: 65421
Summary: Multiple CVEs found on poi-ooxml dependencies
Product: POI
Version: 5.0.0-FINAL
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: XSLF
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Found some CVEs while scanning my app with OWASP Dependency Check. I have a
dependency on:
    <dependency>
        <groupId>org.apache.poi</groupId>
        <artifactId>poi-ooxml</artifactId>
        <version>5.0.0</version>
    </dependency>
Here are the CVEs:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11987
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27807
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27906
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31811
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31812
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11988
Most of these come from batik-all-1.13.jar and seem to have been fixed in 1.14.