The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/01/18/4 | Exploit Mailing List Third Party Advisory |
https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a | Exploit Third Party Advisory |
https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10 | Issue Tracking |
https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html | |
https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes | Release Notes |
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-17T00:00:00
Updated: 2024-05-05T14:54:04.645237
Reserved: 2024-01-17T00:00:00
Link: CVE-2024-23525
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-18T00:15:38.590
Modified: 2024-05-05T15:15:49.067
Link: CVE-2024-23525
JSON object: View
Redhat Information
No data.
CWE