Lucene search
MitreCVELIST:CVE-2024-23525HistoryJan 17, 2024 - 12:00 a.m.
CVE-2024-23525
2024-01-1700:00:00
mitre
www.cve.org
4
spreadsheet::parsexlsx
xxe attacks
perl
xml::twig
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
References
www.openwall.com/lists/oss-security/2024/01/18/4
gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
lists.debian.org/debian-lts-announce/2024/01/msg00018.html
metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes
security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html
Related
cve
cve
CVE-2024-23525
2024-01-18 00:15:38
nvd
nvd
CVE-2024-23525
2024-01-18 00:15:38
prion
prion
Out-of-bounds
2024-01-18 00:15:00
osv
osv
perl-Spreadsheet-ParseXLSX-0.310.0-1.1 on GA media
2024-06-15 00:00:00
CVE-2024-23525
2024-01-18 00:15:38
libspreadsheet-parsexlsx-perl vulnerabilities
2024-05-09 15:54:15
veracode
veracode
XML External Entity (XXE)
2024-01-25 00:12:38
debiancve
debiancve
CVE-2024-23525
2024-01-18 00:15:38
ubuntucve
ubuntucve
CVE-2024-23525
2024-01-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6769-1)
2024-05-10 00:00:00
Debian: Security Advisory (DLA-3723-1)
2024-01-29 00:00:00
ubuntu
ubuntu
Spreadsheet::ParseXLSX vulnerabilities
2024-05-09 00:00:00
nessus
nessus
debian
debian
[SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update
2024-01-27 20:35:30