Openpyxl 2.4.1 resolves external entities by default, which allows remote malicious users to conduct XXE attacks via a crafted .xlsx document.
python openpyxl 2.4.1