[ https://issues.apache.org/jira/browse/NIFI-4821?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Villard resolved NIFI-4821. ---------------------------------- Resolution: Fixed > Upgrade to Apache POI 3.16 or newer > ----------------------------------- > > Key: NIFI-4821 > URL: https://issues.apache.org/jira/browse/NIFI-4821 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Reporter: Joseph Witt > Assignee: Joseph Witt > Priority: Major > Fix For: 1.6.0 > > > CVE-2017-12626 was announced today with the text: > > Title: CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17 > Severity: Important > Vendor: The Apache Software Foundation > Versions affected: versions prior to version 3.17 > Description: > Apache POI versions prior to release 3.17 are vulnerable to Denial of > Service Attacks: > * Infinite Loops while parsing specially crafted WMF, EMF, MSG and macros > (POI bugs 61338 [0] and 61294 [1]) > * Out of Memory Exceptions while parsing specially crafted DOC, PPT and > XLS > (POI bugs 52372 [2] and 61295 [3]) > Mitigation: Users with applications which accept content from external or > untrusted sources are advised to upgrade to Apache POI 3.17 or newer. > -Tim Allison > on behalf of the Apache POI PMC > > [0] [https://bz.apache.org/bugzilla/show_bug.cgi?id=61338] > [1] [https://bz.apache.org/bugzilla/show_bug.cgi?id=61294] > [2] [https://bz.apache.org/bugzilla/show_bug.cgi?id=52372] > [3] [https://bz.apache.org/bugzilla/show_bug.cgi?id=61295] -- This message was sent by Atlassian JIRA (v7.6.3#76005)