If you suspect you have found a security vulnerability in Apache POI code, please read https://www.apache.org/security/ for how to report the issue. Please do not report the details publicly until the report is reviewed.