XXE in default configuration of Spreadsheet::ParseXLSX
MichaelDaum opened this issue · 6 comments
MichaelDaum commented
Don't allow external entities by default. Reported by @phvietan.
see https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
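A defensive pre-parse check for the issue described above, as an added example that is not part of this thread or of Spreadsheet::ParseXLSX: it flags any XML part inside an XLSX archive that declares a DOCTYPE or ENTITY, so the file can be rejected before a parser sees it. The function names and sample workbooks are hypothetical and constructed here, and the check assumes that legitimate XLSX parts never carry a DTD.

```python
import io
import re
import zipfile

# Assumption: a legitimate XLSX part carries no DTD, so any DOCTYPE or
# ENTITY declaration is grounds to reject the file before parsing it.
_DTD = re.compile(rb"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)
_XML_SUFFIXES = (".xml", ".rels", ".vml")


def find_dtd_parts(xlsx_bytes):
    """Return the names of XML parts that declare a DOCTYPE or ENTITY."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(_XML_SUFFIXES):
                continue
            # Dropping NUL bytes lets the ASCII pattern also match parts
            # encoded as UTF-16 or UTF-32, with or without a BOM.
            raw = zf.read(info).replace(b"\x00", b"")
            if _DTD.search(raw):
                flagged.append(info.filename)
    return flagged


def build_xlsx(parts):
    """Build an in-memory archive from {name: bytes}; used for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: minimal archives, not complete workbooks.
PLAIN = b'<?xml version="1.0"?><workbook/>'
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE sst [<!ENTITY e "constructed">]><sst>&e;</sst>'

CLEAN = build_xlsx({"xl/workbook.xml": PLAIN})
SUSPECT = build_xlsx({"xl/workbook.xml": PLAIN, "xl/sharedStrings.xml": WITH_DTD})
SUSPECT_UTF16 = build_xlsx(
    {"xl/sharedStrings.xml": WITH_DTD.decode("ascii").encode("utf-16")}
)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, find_dtd_parts(blob))
```

A check like this complements, and does not replace, running a release of the parser in which external entities are disabled by default.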
MichaelDaum commented
Fixed in latest release
stigtsp commented
CVE identifier has been requested
MichaelDaum commented
Reopening this issue to add the CVE id to the changelogs once available
carnil commented
CVE-2024-23525 has been assigned.
MichaelDaum commented
CVE now is properly documented in 0.31
phvietan commented
Thank you for your fast responses and hard work!!!