PyPI package
openpyxl
pkg:pypi/openpyxl
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5992 | Hig | 8.2 | < 2.4.2 | 2.4.2 | Feb 15, 2017 | Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. |
- affected < 2.4.2fixed 2.4.2
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.