First published: Sun Dec 24 2023(Updated: )
Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.
Credit: mandiant-cve@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | =120.0.6099.129/130 | |
Spreadsheet::ParseExcel Spreadsheet::ParseExcel | =0.65 | |
Spreadsheet::ParseExcel Spreadsheet::ParseExcel | ||
Google Chrome | <=0.65 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.