oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2023-7101: Spreadsheet::ParseExcel for Perl is vulnerable to arbitrary code execution

From: Stig Palmquist <stig () stig io>
Date: Fri, 29 Dec 2023 15:57:51 +0000
Hi,

The CPAN Security WG was recently informed that the Perl module Spreadsheet::ParseExcel 0.65 (and earlier) is 
vulnerable to arbitrary code execution.

Users should upgrade to version 0.66 as soon as possible.

Updated Version:
https://metacpan.org/release/JMCNAMARA/Spreadsheet-ParseExcel-0.66

Patch:
https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc.patch

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7101
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

Best,
Stig
Previous By Date Next
Previous By Thread Next

Current thread: