oss-sec mailing list archives
CVE-2024-23525: Spreadsheet::ParseXLSX for Perl is vulnerable to XXE attacks
From: Stig Palmquist <stig () stig io>
Date: Thu, 18 Jan 2024 10:51:20 +0000
Hi,

An Pham discovered that the Perl module Spreadsheet::ParseXLSX 0.29 (and earlier) is vulnerable to XML external entity injection attacks when parsing a crafted XLSX file. Users should upgrade to version 0.30 or later.

Fixed Version:
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-23525
https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10

Best,
Stig.
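
As a defence-in-depth check alongside the upgrade, the following added example (not part of the original post and not code from the module) screens an XLSX package for DTD declarations before it is handed to any parser. The names `find_dtd_parts`, `build_sample` and `MAX_PART_BYTES` are hypothetical, the size limit is an assumed value, and the check assumes that spreadsheet parts have no legitimate need for a DTD.

```python
import io
import zipfile

# DTD tokens are case-sensitive in XML; cover UTF-8/ASCII and both UTF-16 orders.
_MARKERS = [tok.encode(enc)
            for tok in ("<!DOCTYPE", "<!ENTITY")
            for enc in ("utf-8", "utf-16-le", "utf-16-be")]
MAX_PART_BYTES = 64 * 1024 * 1024  # assumed per-part limit, tune per deployment


def find_dtd_parts(xlsx_bytes):
    """Return the sorted names of package parts that must not reach the parser.

    A part is listed if it contains a DTD token or exceeds MAX_PART_BYTES
    (fail closed). Raises zipfile.BadZipFile if the input is not a ZIP.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as package:
        for info in package.infolist():
            if info.file_size > MAX_PART_BYTES:
                flagged.append(info.filename)
                continue
            data = package.read(info)
            if any(marker in data for marker in _MARKERS):
                flagged.append(info.filename)
    return sorted(flagged)


def build_sample(sheet_xml):
    """Build a minimal constructed package (not a real workbook) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        package.writestr("xl/workbook.xml", '<?xml version="1.0"?><workbook/>')
        package.writestr("xl/worksheets/sheet1.xml", sheet_xml)
    return buf.getvalue()


# Constructed samples: the DTD only defines a harmless internal entity.
CLEAN = '<?xml version="1.0"?><worksheet/>'
WITH_DTD = ('<?xml version="1.0"?><!DOCTYPE worksheet '
            '[<!ENTITY e "constructed">]><worksheet/>')

if __name__ == "__main__":
    for label, xml in (("clean", CLEAN), ("with DTD", WITH_DTD)):
        print(label, "->", find_dtd_parts(build_sample(xml)) or "ok")
```

The scan covers every package member, so an embedded file that carries its own DOCTYPE will also be flagged, and encodings other than UTF-8 and UTF-16 are not covered. It is a pre-filter for untrusted uploads, not a substitute for running version 0.30 or later.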