'[oss-security] CVE-2023-7101: Spreadsheet::ParseExcel for Perl is vulnerable to arbitrary code execu'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2023-7101: Spreadsheet::ParseExcel for Perl is vulnerable to arbitrary code execu
From:       Stig Palmquist <stig () stig ! io>
Date:       2023-12-29 15:57:51
Message-ID: u_37zo4-c8MMB7MsMhIWnl6UEq-x6XthS05w8OvrztTMgixZQWX1nf2zdsHsobnpojkG2ya44HMch-biNuT4sRGWS16EGd0EKWerHgtgmZA= () stig ! io
[Download RAW message or body]

[Attachment #2 (text/plain)]

Hi,

The CPAN Security WG was recently informed that the Perl module Spreadsheet::ParseExcel 0.65 \
(and earlier) is vulnerable to arbitrary code execution.

Users should upgrade to version 0.66 as soon as possible.

Updated Version:
https://metacpan.org/release/JMCNAMARA/Spreadsheet-ParseExcel-0.66

Patch:
https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc.patch

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7101
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

Best,
Stig

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic