2024-01-17 00:00:00
mitre
PUBLISHED
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.