this post was submitted on 28 Dec 2023
1 points (100.0% liked)

EDV-Sicherheit

345 readers
3 users here now

IT Security auf Deutsch.

founded 2 years ago
MODERATORS
[email protected]
1
Kritische Sicherheitslücke in Perl-Bibliothek: Schwachstelle bereits ausgenutzt (www.heise.de)
submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
0 comments fedilink hide all child comments
 

CVE-2023-7101:

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Proof of concept @ github: https://github.com/haile01/perl_spreadsheet_excel_rce_poc

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here