mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-01 19:21:37 +00:00
48 lines
1.7 KiB
JSON
48 lines
1.7 KiB
JSON
{
|
|
"id": "CVE-2023-7101",
|
|
"sourceIdentifier": "mandiant-cve@google.com",
|
|
"published": "2023-12-24T22:15:07.983",
|
|
"lastModified": "2023-12-25T03:08:09.833",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \u201ceval\u201d. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. \n"
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"weaknesses": [
|
|
{
|
|
"source": "mandiant-cve@google.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-95"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171",
|
|
"source": "mandiant-cve@google.com"
|
|
},
|
|
{
|
|
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md",
|
|
"source": "mandiant-cve@google.com"
|
|
},
|
|
{
|
|
"url": "https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc",
|
|
"source": "mandiant-cve@google.com"
|
|
},
|
|
{
|
|
"url": "https://https://metacpan.org/dist/Spreadsheet-ParseExcel",
|
|
"source": "mandiant-cve@google.com"
|
|
},
|
|
{
|
|
"url": "https://https://www.cve.org/CVERecord?id=CVE-2023-7101",
|
|
"source": "mandiant-cve@google.com"
|
|
}
|
|
]
|
|
} |