CVE-2023-7101 in Spreadsheet::ParseExcelinformation

Résumé

par MITRE • 25/12/2023

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Réserver

24/12/2023

Divulgation

25/12/2023

Modérer

accepté

Entrée

VDB-248969

CPE

prêt

CWE

CWE-95 (confirmé)

CVSS

7.8 (NVD)

EPSS

0.55712

KEV

oui

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-7101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7101
CVE Details	https://www.cvedetails.com/cve/CVE-2023-7101/

◂ Précédent Aperçu Suivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!