Lucene search
GoogleOSV:GHSA-CHQF-HX79-GXC6HistoryMay 17, 2022 - 2:58 a.m.
Improper Restriction of XML External Entity Reference in Openpyxl
2022-05-1702:58:54
Google
osv.dev
7
0.005 Low
EPSS
Percentile
76.1%
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
References
www.openwall.com/lists/oss-security/2017/02/07/5
bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
bitbucket.org/openpyxl/openpyxl/issues/749
bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442
foss.heptapod.net/openpyxl/openpyxl
foss.heptapod.net/openpyxl/openpyxl/-/commit/7fe678fd89fd
foss.heptapod.net/openpyxl/openpyxl/-/issues/749
github.com/advisories/GHSA-chqf-hx79-gxc6
github.com/pypa/advisory-database/tree/main/vulns/openpyxl/PYSEC-2017-48.yaml
nvd.nist.gov/vuln/detail/CVE-2017-5992
Related
nessus
nessus
openSUSE Security Update : python-openpyxl (openSUSE-2018-44)
2018-01-16 00:00:00
openSUSE Security Update : python3-openpyxl (openSUSE-2018-202)
2018-02-23 00:00:00
Ubuntu 16.04 ESM : openpyxl vulnerability (USN-4821-1)
2023-10-23 00:00:00
cvelist
cvelist
CVE-2017-5992
2017-02-15 19:00:00
veracode
veracode
XML External Entity (XXE)
2017-02-08 08:18:18
ubuntucve
ubuntucve
CVE-2017-5992
2017-02-15 00:00:00
prion
prion
Xxe
2017-02-15 19:59:00
nvd
nvd
CVE-2017-5992
2017-02-15 19:59:01
osv
osv
openpyxl vulnerability
2021-03-15 21:58:09
PYSEC-2017-48
2017-02-15 19:59:00
github
github
Improper Restriction of XML External Entity Reference in Openpyxl
2022-05-17 02:58:54
cve
cve
CVE-2017-5992
2017-02-15 19:59:01
debiancve
debiancve
CVE-2017-5992
2017-02-15 19:59:01
openvas
openvas
Ubuntu: Security Advisory (USN-4821-1)
2023-01-27 00:00:00
ubuntu
ubuntu
openpyxl vulnerability
2021-03-15 00:00:00