High severityNVD Advisory· Published Apr 17, 2025· Updated Apr 22, 2025

CVE-2024-53924

Description

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pycelPyPI	<= 1.0b30	—

Affected products

Pycel/Pycelcpe-rescue
ghsa-coords
pkg:pypi/pycel
Range: <= 1.0b30

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-pw67-xjhq-389wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-53924ghsaADVISORY
gist.github.com/aelmosalamy/cb098e61939718d2bb248fd1cc94f287ghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/pycel/PYSEC-2025-177.yamlghsaWEB
pypi.org/project/pycelghsaWEB
pypi.org/project/pycel/mitre

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000