Security Advisories (1)

CVE-2024-23525 (2024-01-17)

In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse('user_input_file.xlsx'), we'd be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.

https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes
https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
https://github.com/briandfoy/cpan-security-advisory/issues/134
https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
https://github.com/advisories/GHSA-cxjh-j6f8-vrmf
https://nvd.nist.gov/vuln/detail/CVE-2024-23525

NAME

Spreadsheet::ParseXLSX::Decryptor - helper class to open password protected files

VERSION

version 0.29

AUTHOR

Jesse Luehrs <doy@tozt.net>

COPYRIGHT AND LICENSE

This is free software, licensed under:

The MIT (X11) License

To install Spreadsheet::ParseXLSX, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Spreadsheet::ParseXLSX

CPAN shell

perl -MCPAN -e shell
install Spreadsheet::ParseXLSX

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

AUTHOR

COPYRIGHT AND LICENSE

Module Install Instructions

Keyboard Shortcuts