Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jmcnamara spreadsheet\\ \\ |
||
debian debian linux 10.0 |
||
fedoraproject fedora 38 |
||
fedoraproject fedora 39 |