Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-23525HistoryJan 18, 2024 - 12:15 a.m.
CVE-2024-23525
2024-01-1800:15:38
Debian Security Bug Tracker
security-tracker.debian.org
5
spreadsheet::parsexlsx
xxe attacks
xml::twig
perl
security
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.1%
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
Related
prion
prion
Out-of-bounds
2024-01-18 00:15:00
cve
cve
CVE-2024-23525
2024-01-18 00:15:38
nvd
nvd
CVE-2024-23525
2024-01-18 00:15:38
cvelist
cvelist
CVE-2024-23525
2024-01-17 00:00:00
veracode
veracode
XML External Entity (XXE)
2024-01-25 00:12:38
osv
osv
CVE-2024-23525
2024-01-18 00:15:38
libspreadsheet-parsexlsx-perl - security update
2024-01-27 00:00:00
libspreadsheet-parsexlsx-perl vulnerabilities
2024-05-09 15:54:15
ubuntucve
ubuntucve
CVE-2024-23525
2024-01-18 00:00:00
ubuntu
ubuntu
Spreadsheet::ParseXLSX vulnerabilities
2024-05-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6769-1)
2024-05-10 00:00:00
Debian: Security Advisory (DLA-3723-1)
2024-01-29 00:00:00
nessus
nessus
debian
debian
[SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update
2024-01-27 20:35:30
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7.2 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
31.1%
Related for DEBIANCVE:CVE-2024-23525