Spreadsheet-ParseExcel 0.24 Deleted
Security Advisories
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
- http://www.openwall.com/lists/oss-security/2023/12/29/4
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://www.cve.org/CVERecord?id=CVE-2023-7101
- https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html
Fixed version: >=0.66
Reported: 2023-12-24
Kwalitee Issues
- has_meta_yml
  Add a META.yml to the distribution. Your buildtool should be able to autogenerate it.
- prereq_matches_use
  List all used modules in META.yml requires.
  Error:
  - Jcode
  - OLE::Storage_Lite
  - Spreadsheet::WriteExcel
  - Unicode::Map
- no_pod_errors
  Remove the POD errors. You can check for POD errors automatically by including Test::Pod in your test suite.
  Error:
  - Spreadsheet-ParseExcel-0.24/ParseExcel/SaveParser.pm -- Around line 170: Unknown directive: =cmmt
  - Spreadsheet-ParseExcel-0.24/ParseExcel.pm -- Around line 936: Unknown directive: =cmmt
- has_meta_json
  Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- has_tests_in_t_dir
  Add tests or move tests.pl to the t/ directory!
- meta_yml_has_license
  Define the license if you are using Build.PL. If you are using MakeMaker (Makefile.PL) you should upgrade to ExtUtils::MakeMaker version 6.31.
- use_warnings
  Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
  Error: Spreadsheet::ParseExcel, Spreadsheet::ParseExcel::Dump, Spreadsheet::ParseExcel::FmtDefault, Spreadsheet::ParseExcel::FmtJapan, Spreadsheet::ParseExcel::FmtJapan2, Spreadsheet::ParseExcel::FmtUnicode, Spreadsheet::ParseExcel::SaveParser, Spreadsheet::ParseExcel::Utility
- no_unauthorized_packages
  Ask the owner of the distribution (the one who released it first, or the one who is designated in x_authority) to give you a (co-)maintainer's permission.
  Error:
  - Spreadsheet::ParseExcel
- consistent_version
  Split the distribution, or fix the version numbers to make them consistent (use the highest version number to avoid version downgrade).
  Error: 0.01,0.03,0.04,0.24
- has_separate_license_file
  This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Spreadsheet::ParseExcel | Get information from Excel file | 0.24 | metacpan |
Spreadsheet::ParseExcel::Dump | | 0.01 | metacpan |
Spreadsheet::ParseExcel::FmtDefault | | 0.04 | metacpan |
Spreadsheet::ParseExcel::FmtJapan | | 0.04 | metacpan |
Spreadsheet::ParseExcel::FmtJapan2 | | 0.04 | metacpan |
Spreadsheet::ParseExcel::FmtUnicode | | 0.04 | metacpan |
Spreadsheet::ParseExcel::SaveParser | Expand of Spreadsheet::ParseExcel with Spreadsheet::WriteExcel | 0.01 | metacpan |
Spreadsheet::ParseExcel::Utility | Utility function for Spreadsheet::ParseExcel | 0.03 | metacpan |
Provides
Name | File | View |
---|---|---|
Spreadsheet::ParseExcel::Cell | ParseExcel.pm | metacpan |
Spreadsheet::ParseExcel::Font | ParseExcel.pm | metacpan |
Spreadsheet::ParseExcel::Format | ParseExcel.pm | metacpan |
Spreadsheet::ParseExcel::SaveParser::Workbook | ParseExcel/SaveParser.pm | metacpan |
Spreadsheet::ParseExcel::Workbook | ParseExcel.pm | metacpan |
Spreadsheet::ParseExcel::Worksheet | ParseExcel.pm | metacpan |