High severity 8.2 · NVD Advisory · Published Feb 15, 2017 · Updated May 13, 2026
CVE-2017-5992
Description
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openpyxl (PyPI) | < 2.4.2 | 2.4.2 |
Affected products
- cpe:2.3:a:python:openpyxl:2.4.1:*:*:*:*:*:*:*
References
- www.openwall.com/lists/oss-security/2017/02/07/5 (nvd: Mailing List, Third Party Advisory, WEB)
- bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 (nvd: Issue Tracking, Third Party Advisory, WEB)
- bitbucket.org/openpyxl/openpyxl/issues/749 (nvd: Issue Tracking, Third Party Advisory, WEB)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- github.com/advisories/GHSA-chqf-hx79-gxc6 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-5992 (ghsa: ADVISORY)
- foss.heptapod.net/openpyxl/openpyxl (ghsa: PACKAGE)
- foss.heptapod.net/openpyxl/openpyxl/-/commit/7fe678fd89fd (ghsa: WEB)
- foss.heptapod.net/openpyxl/openpyxl/-/issues/749 (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/openpyxl/PYSEC-2017-48.yaml (ghsa: WEB)