XML Entity Expansion (XEE) and Aspose.Cells API

While working with OOXML file for spreadsheet, there is a possibility of XML Entity Expansion (XEE) attack that allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file. The issue was initially reported by Xiaolong Zhu and Huijun Chen from Huawei Technologies Co., Ltd.

Our question is: Has Aspose.Cells already handled this vulnerability? If not, are there any plans to handle this?

PS: I don’t have any such file to share with you, but I am sure your developers will have an idea about this. Apache POI has already handled this https://poi.apache.org/ .

@kashif.iqbal,
We are analysing your requirement and will provide our feedback soon.

@kashif.iqbal,

Please note, Aspose.Cells does not process XML Entity Expansion, so there is no vulnerability what so ever.