XXE in default configuration of Spreadsheet::ParseXLSX

Question

MichaelDaum opened this issue 8 months ago · 6 comments

Don't allow external entities by default. Reported by @phvietan.

Answer 1 · 2024-01-17T11:42:32.000Z

Fixed in latest release

Answer 2 · 2024-01-17T16:25:39.000Z

CVE identifier has been requested

Answer 3 · 2024-01-17T16:35:02.000Z

Reopening this issue to add the CVE id to the changelogs once available

Answer 4 · 2024-01-18T08:18:43.000Z

CVE-2024-23525 has been assigned.

Answer 5 · 2024-01-18T11:32:31.000Z

CVE now is properly documented in 0.31

Answer 6 · 2024-01-18T16:16:50.000Z

Thank you for your fast responses and hard work !!!