cve/CVE-2023-7101.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

POC

Reference

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html

Github

https://github.com/Ostorlab/KEV
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/vinzel-ops/vuln-barracuda

1.3 KiB Raw Blame History

CVE-2023-7101

Description

POC

Reference

Github

1.3 KiB

Raw Blame History