ALAS2023-2024-491 --- perl-Spreadsheet-ParseExcelID: oval:org.secpod.oval:def:19500579 | Date: (C)2024-02-13 (M)2024-06-17 |
Class: PATCH | Family: unix |
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic
Platform: |
Amazon Linux 2023 |
Product: |
perl-Spreadsheet-ParseExcel |