Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. (CVE-2023-7101)

Source

ALAS-2024-1905

Amazon Linux 1 Security Advisory: ALAS-2024-1905
Advisory Release Date: 2024-01-19 01:19 Pacific
Advisory Updated Date: 2024-01-19 01:19 Pacific

Severity: Important

References: CVE-2023-7101
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. (CVE-2023-7101)

Affected Packages:

perl-Spreadsheet-ParseExcel

Issue Correction:
Run yum update perl-Spreadsheet-ParseExcel to update your system.

New Packages:

i686:
    perl-Spreadsheet-ParseExcel-0.5900-5.3.amzn1.i686

src:
    perl-Spreadsheet-ParseExcel-0.5900-5.3.amzn1.src

x86_64:
    perl-Spreadsheet-ParseExcel-0.5900-5.3.amzn1.x86_64

Additional References

Red Hat: CVE-2023-7101

Mitre: CVE-2023-7101

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS-2024-1905

ALAS-2024-1905

Additional References

Vulmon Search

About

Products

Connect