Spreadsheet-ParseExcel 0.47
- Released by
- JMCNAMARA
- Version
- Release Date
- 2009-01-22
- Kwalitee
- 140.62
- Core Kwalitee
- 93.75
- LINKS
Spreadsheet-ParseExcel 0.47 Deleted
Security Advisories
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
- http://www.openwall.com/lists/oss-security/2023/12/29/4
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://https://www.cve.org/CVERecord?id=CVE-2023-7101
- https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html
Fixed version: >=0.66
Reported: 2023-12-24
Kwalitee Issues
- meta_yml_conforms_to_known_spec
-
Take a look at the META.yml Spec at https://metacpan.org/pod/CPAN::Meta::History::Meta_1_4 (for version 1.4) or https://metacpan.org/pod/CPAN::Meta::Spec (for version 2), and change your META.yml accordingly.
Error: Expected a list structure (author) [Validation: 1.3];License '<undef>' is invalid (license) [Validation: 1.3];Missing mandatory field, 'abstract' (abstract) [Validation: 1.3];Missing mandatory field, 'author' (author) [Validation: 1.3];Missing mandatory field, 'license' (license) [Validation: 1.3];value is an undefined string (abstract) [Validation: 1.3]
- no_pod_errors
-
Remove the POD errors. You can check for POD errors automatically by including Test::Pod to your test suite.
Error: Spreadsheet-ParseExcel-0.47/lib/Spreadsheet/ParseExcel.pm -- Around line 2974: Non-ASCII character seen before =encoding in 'ReziÄ,'. Assuming UTF-8
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_license
-
Define the license if you are using in Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- consistent_version
-
Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
Error: 0.44,0.46,0.47
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
| Name | Abstract | Version | View |
|---|---|---|---|
| Spreadsheet::ParseExcel | Extract information from an Excel file. | 0.47 | metacpan |
| Spreadsheet::ParseExcel::Cell | A class for Cells. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::Dump | A class for dumping Excel records. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::FmtDefault | A class for Cell formats. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::FmtJapan | A class for Cell formats. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::FmtJapan2 | A class for Cell formats. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::FmtUnicode | A class for Cell formats. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::Font | A class for Cell fonts. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::Format | A class for Cell formats. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::SaveParser | Rewrite an existing Excel file. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::SaveParser::Workbook | A class for SaveParser Workbooks. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::SaveParser::Worksheet | A class for SaveParser Worksheets. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::Utility | Utility functions for Spreadsheet::ParseExcel. | 0.46 | metacpan |
| Spreadsheet::ParseExcel::Workbook | A class for Workbooks. | 0.44 | metacpan |
| Spreadsheet::ParseExcel::Worksheet | A class for Worksheets. | 0.44 | metacpan |