CVE-2023-7101 in Spreadsheet::ParseExcelinfo

Zusammenfassung

von MITRE • 25.12.2023

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

24.12.2023

Veröffentlichung

25.12.2023

Moderieren

akzeptiert

Eintrag

VDB-248969

CPE

bereit

CWE

CWE-95 (bestätigt)

CVSS

7.8 (NVD)

EPSS

0.55712

KEV

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-7101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7101
CVE Details	https://www.cvedetails.com/cve/CVE-2023-7101/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!