this post was submitted on 28 Dec 2023
1 points (100.0% liked)

EDV-Sicherheit

348 readers
3 users here now

IT Security auf Deutsch.

founded 2 years ago
MODERATORS
 

CVE-2023-7101:

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Proof of concept @ github: https://github.com/haile01/perl_spreadsheet_excel_rce_poc

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here