Security Advisories (2)
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
- https://github.com/briandfoy/cpan-security-advisory/issues/131
- https://nvd.nist.gov/vuln/detail/CVE-2024-22368
- https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes
- https://github.com/advisories/GHSA-x2hg-844v-frvh
In the default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable to XXE if the XLSX file that we are parsing is from user input.
- https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes
- https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
- https://github.com/briandfoy/cpan-security-advisory/issues/134
- https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
- https://github.com/advisories/GHSA-cxjh-j6f8-vrmf
- https://nvd.nist.gov/vuln/detail/CVE-2024-23525
NAME
Spreadsheet::ParseXLSX::Decryptor
VERSION
version 0.27
AUTHOR
Jesse Luehrs <doy@tozt.net>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2016 by Jesse Luehrs.
This is free software, licensed under:
The MIT (X11) License
Module Install Instructions
To install Spreadsheet::ParseXLSX, copy and paste the appropriate command into your terminal.
cpanm Spreadsheet::ParseXLSX
perl -MCPAN -e shell
install Spreadsheet::ParseXLSX
For more information on module installation, please visit the detailed CPAN module installation guide.