CVE-2023-7101 in Spreadsheet::ParseExcel信息

摘要

由 MITRE • 2023-12-25

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

预定

2023-12-24

披露

2023-12-25

管理

已接受

条目

VDB-248969

CPE

准备好

CWE

CWE-95 (已确认)

CVSS

7.8 (NVD)

EPSS

0.55712

KEV

是

活动

非常低

来源

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-7101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7101
CVE Details	https://www.cvedetails.com/cve/CVE-2023-7101/

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!