mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.4 KiB
1.4 KiB
CVE-2023-7101
&color=brighgreen)
Description
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
POC
Reference
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html