rpm package
opensuse/perl-Spreadsheet-ParseXLSX&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/perl-Spreadsheet-ParseXLSX&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-23525 | — | < 0.310.0-1.1 | 0.310.0-1.1 | Jan 17, 2024 | The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig. | ||
| CVE-2024-22368 | — | < 0.290.0-2.1 | 0.290.0-2.1 | Jan 9, 2024 | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells. |
- CVE-2024-23525Jan 17, 2024affected < 0.310.0-1.1fixed 0.310.0-1.1
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
- CVE-2024-22368Jan 9, 2024affected < 0.290.0-2.1fixed 0.290.0-2.1
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.