6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%
Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage
memory during cell merge operations. An attacker could possibly use this
issue to consume large amounts of memory, resulting in a denial of service
condition. (CVE-2024-22368)
An Pham discovered that Spreadsheet::ParseXLSX allowed the processing of
external entities in a default configuration. An attacker could possibly
use this vulnerability to execute an XML External Entity (XXE) injection
attack. (CVE-2024-23525)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.9%