oss-sec mailing list archives

CVE-2024-23525: Spreadsheet::ParseXLSX for Perl is vulnerable to XXE attacks


From: Stig Palmquist <stig () stig io>
Date: Thu, 18 Jan 2024 10:51:20 +0000

Hi,

An Pham discovered that the Perl module Spreadsheet::ParseXLSX 0.29 (and earlier) is vulnerable to XML external entity injection attacks when parsing a crafted XLSX file.

Users should upgrade to version 0.30 or later.

Fixed Version:
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-23525
https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10

Best,
Stig.
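
A defensive pre-screen for the issue announced above, added here as an example and not part of the original post or of Spreadsheet::ParseXLSX: it flags XLSX package parts that declare a DOCTYPE or ENTITY before the file reaches a parser. It is written in Python rather than Perl; the function names, part extensions, size cap and sample packages are assumptions constructed for illustration, and the check complements upgrading to 0.30 rather than replacing it.

```python
import io
import re
import zipfile

# Extensions treated as XML parts (an assumption of this sketch).
XML_SUFFIXES = (".xml", ".rels", ".vml")
# An external entity needs a DTD, so any DOCTYPE/ENTITY declaration is flagged.
DTD_RE = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b")
MAX_PART_BYTES = 64 * 1024 * 1024  # do not inflate parts larger than this


def find_dtd_parts(xlsx_bytes: bytes) -> list:
    """Return the names of package parts that declare a DOCTYPE or ENTITY."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            if info.file_size > MAX_PART_BYTES:
                flagged.append(info.filename)  # too large to inspect: treat as suspect
                continue
            # Dropping NUL bytes lets the ASCII pattern match UTF-16/UTF-32 parts too.
            data = pkg.read(info).replace(b"\x00", b"")
            if DTD_RE.search(data):
                flagged.append(info.filename)
    return flagged


def build_sample(sheet_xml: bytes) -> bytes:
    """Constructed minimal package: just enough structure for the scan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", b'<?xml version="1.0"?><Types/>')
        pkg.writestr("xl/worksheets/sheet1.xml", sheet_xml)
    return buf.getvalue()


# Constructed samples; the DTDs here declare nothing external.
CLEAN = build_sample(b'<?xml version="1.0"?><worksheet/>')
WITH_DTD = build_sample(
    b'<?xml version="1.0"?><!DOCTYPE worksheet [<!ENTITY e "constructed">]><worksheet/>'
)
UTF16_DTD = build_sample(
    '<?xml version="1.0" encoding="UTF-16"?><!DOCTYPE worksheet><worksheet/>'.encode("utf-16")
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("dtd", WITH_DTD), ("utf16", UTF16_DTD)):
        print(name, find_dtd_parts(sample))
```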

