Security Advisory

CVE-2023-7101

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-24 21:34:46

Last updated 2025-10-21 23:05:29

Assigner Mandiant

State PUBLISHED

Description

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

← Browse all CVEs View on cve.org ↗