CVE-2023-7101CISA KEV: Actively Exploited

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Published Jan 2, 2024·Updated Jan 2, 2024

Description

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free