Spreadsheet-ParseExcel 0.63
Security Advisories
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
- http://www.openwall.com/lists/oss-security/2023/12/29/4
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://www.cve.org/CVERecord?id=CVE-2023-7101
- https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html
Fixed version: >=0.66
Reported: 2023-12-24
Kwalitee Issues
No Core Issues.
- meta_yml_declares_perl_version
  - If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- meta_yml_has_provides
  - Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
  - This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Spreadsheet::ParseExcel | Read information from an Excel file. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Cell | A class for Cell data and formatting. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Dump | A class for dumping Excel records. | 0.63 | metacpan |
Spreadsheet::ParseExcel::FmtDefault | A class for Cell formats. | 0.63 | metacpan |
Spreadsheet::ParseExcel::FmtJapan | A class for Cell formats. | 0.63 | metacpan |
Spreadsheet::ParseExcel::FmtJapan2 | A class for Cell formats. | 0.63 | metacpan |
Spreadsheet::ParseExcel::FmtUnicode | A class for Cell formats. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Font | A class for Cell fonts. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Format | A class for Cell formats. | 0.63 | metacpan |
Spreadsheet::ParseExcel::SaveParser | Rewrite an existing Excel file. | 0.63 | metacpan |
Spreadsheet::ParseExcel::SaveParser::Workbook | A class for SaveParser Workbooks. | 0.63 | metacpan |
Spreadsheet::ParseExcel::SaveParser::Worksheet | A class for SaveParser Worksheets. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Utility | Utility functions for Spreadsheet::ParseExcel. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Workbook | A class for Workbooks. | 0.63 | metacpan |
Spreadsheet::ParseExcel::Worksheet | A class for Worksheets. | 0.63 | metacpan |