Unrated severityNVD Advisory· Published Jan 17, 2024· Updated Jun 2, 2025
CVE-2024-23525
CVE-2024-23525
Description
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Perl/ParseXLSX packagedescription
- Range: <0.30
- osv-coordsRange: < 0.310.0-1.1
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2024/01/18/4mitremailing-list
- lists.debian.org/debian-lts-announce/2024/01/msg00018.htmlmitremailing-list
- gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4amitre
- github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10mitre
- metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changesmitre
- security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.htmlmitre
News mentions
0No linked articles in our index yet.