Tozt: Security Vulnerabilities
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-01-18
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-01-09