Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-23525

Published: 18/01/2024 Updated: 27/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Spreadsheet\

Vulnerability Summary

The Spreadsheet::ParseXLSX package prior to 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.

Vulnerable Product Search on Vulmon Subscribe to Product

tozt spreadsheet\\ \\

Vendor Advisories

Debian CVElist Bug Report Logs: libspreadsheet-parsexlsx-perl: CVE-2024-23525
Debian Bug report logs - #1061098 libspreadsheet-parsexlsx-perl: CVE-2024-23525 Package: src:libspreadsheet-parsexlsx-perl; Maintainer for src:libspreadsheet-parsexlsx-perl is Debian Perl Group <pkg-perl-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 18 Jan 2024 ...

References

CWE-611https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changeshttps://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4ahttps://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10http://www.openwall.com/lists/oss-security/2024/01/18/4https://lists.debian.org/debian-lts-announce/2024/01/msg00018.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061098https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook