Spreadsheet-ParseXLSX 0.28
Security Advisories
CVE-2024-23525
In the default configuration of Spreadsheet::ParseXLSX, calling Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx') is vulnerable to XML external entity (XXE) injection when the XLSX file being parsed comes from user input.
- https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
- https://github.com/briandfoy/cpan-security-advisory/issues/134
- https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
- https://github.com/advisories/GHSA-cxjh-j6f8-vrmf
- https://nvd.nist.gov/vuln/detail/CVE-2024-23525
Fixed version: >=0.30
Reported: 2024-01-17
Kwalitee Issues
This is not the latest release. The following issues may have already been fixed in the newer releases.
No Core Issues.
- meta_yml_has_repository_resource: Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
Modules
Name | Abstract | Version | View |
---|---|---|---|
Spreadsheet::ParseXLSX | parse XLSX files | 0.28 | metacpan |
Spreadsheet::ParseXLSX::Decryptor | helper class to open password protected files | 0.28 | metacpan |
Spreadsheet::ParseXLSX::Decryptor::Agile | decryptor for files of version 4.4 | 0.28 | metacpan |
Spreadsheet::ParseXLSX::Decryptor::Standard | standard decryption | 0.28 | metacpan |