CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/12/29/4	Mailing List Patch Third Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171	Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md	Third Party Advisory
https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc	Broken Link Third Party Advisory
https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc	Broken Link Patch
https://https://metacpan.org/dist/Spreadsheet-ParseExcel	Broken Link Product
https://https://www.cve.org/CVERecord?id=CVE-2023-7101	Broken Link Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/	Mailing List
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/12/29/4	Mailing List Patch Third Party Advisory
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171	Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md	Third Party Advisory
https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc	Broken Link Third Party Advisory
https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc	Broken Link Patch
https://https://metacpan.org/dist/Spreadsheet-ParseExcel	Broken Link Product
https://https://www.cve.org/CVERecord?id=CVE-2023-7101	Broken Link Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/	Mailing List
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jmcnamara:spreadsheet\:\:parseexcel:*:*:*:*:*:perl:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

History

13 Feb 2025, 18:16

Type	Values Removed	Values Added
Summary	(en) Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.	(en) Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

27 Jan 2025, 21:53

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html - Mailing List

21 Nov 2024, 08:45

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/12/29/4 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2023/12/29/4 - Mailing List, Patch, Third Party Advisory
References	~~() https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 - Product~~	() https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 - Product
References	~~() https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md - Third Party Advisory~~	() https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md - Third Party Advisory
References	~~() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc - Broken Link, Third Party Advisory~~	() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc - Broken Link, Third Party Advisory
References	~~() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc - Broken Link, Patch~~	() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc - Broken Link, Patch
References	~~() https://https://metacpan.org/dist/Spreadsheet-ParseExcel - Broken Link, Product~~	() https://https://metacpan.org/dist/Spreadsheet-ParseExcel - Broken Link, Product
References	~~() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 - Broken Link, Third Party Advisory~~	() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 - Broken Link, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ - Mailing List~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ - Mailing List
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ - Mailing List~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ - Mailing List
References	~~() https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html - Third Party Advisory~~	() https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html - Third Party Advisory

14 Aug 2024, 19:40

Type	Values Removed	Values Added
References	~~() http://www.openwall.com/lists/oss-security/2023/12/29/4 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2023/12/29/4 - Mailing List, Patch, Third Party Advisory

10 Jun 2024, 16:27

Type	Values Removed	Values Added
References	~~() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc - Third Party Advisory~~	() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc - Broken Link, Third Party Advisory
References	~~() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc - Patch~~	() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc - Broken Link, Patch
References	~~() https://https://metacpan.org/dist/Spreadsheet-ParseExcel - Product~~	() https://https://metacpan.org/dist/Spreadsheet-ParseExcel - Broken Link, Product
References	~~() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 - Third Party Advisory~~	() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 - Broken Link, Third Party Advisory
References	~~() https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html -~~	() https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html - Third Party Advisory

05 May 2024, 15:15

Type	Values Removed	Values Added
References		() https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html -

09 Jan 2024, 20:07

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jmcnamara:spreadsheet\:\:parseexcel::::::perl::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::*
References	~~() http://www.openwall.com/lists/oss-security/2023/12/29/4 -~~	() http://www.openwall.com/lists/oss-security/2023/12/29/4 - Mailing List, Third Party Advisory
References	~~() https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 -~~	() https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 - Product
References	~~() https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md -~~	() https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md - Third Party Advisory
References	~~() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc -~~	() https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc - Third Party Advisory
References	~~() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc -~~	() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc - Patch
References	~~() https://https://metacpan.org/dist/Spreadsheet-ParseExcel -~~	() https://https://metacpan.org/dist/Spreadsheet-ParseExcel - Product
References	~~() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 -~~	() https://https://www.cve.org/CVERecord?id=CVE-2023-7101 - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html -~~	() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ - Mailing List
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ - Mailing List
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Jmcnamara Debian Fedoraproject fedora Debian debian Linux Jmcnamara spreadsheet\ Fedoraproject
CWE		CWE-94

08 Jan 2024, 03:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ -

03 Jan 2024, 17:15

Type	Values Removed	Values Added
References		() https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc -

31 Dec 2023, 03:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html -

29 Dec 2023, 18:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2023/12/29/4 -
Summary		(es) Spreadsheet::ParseExcel version 0.65 es un módulo Perl utilizado para analizar archivos Excel. Spreadsheet::ParseExcel es afectado por una vulnerabilidad de ejecución de código arbitrario (ACE) debido a que se pasa una entrada no validada de un archivo a una "evaluación" de tipo cadena. Específicamente, el problema surge de la evaluación de cadenas de formato numérico (que no deben confundirse con cadenas de formato de estilo printf) dentro de la lógica de análisis de Excel.

24 Dec 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-24 22:15

Updated : 2025-02-13 18:16

NVD link : CVE-2023-7101

Mitre link : CVE-2023-7101

CVE.ORG link : CVE-2023-7101

JSON object : View

Products Affected

jmcnamara

spreadsheet\

fedoraproject

fedora

debian

debian_linux

CWE

CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2023-7101", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-12-24T22:15:07.983", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/12/29/4", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "mandiant-cve@google.com"}, {"url": "https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171", "tags": ["Product"], "source": "mandiant-cve@google.com"}, {"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md", "tags": ["Third Party Advisory"], "source": "mandiant-cve@google.com"}, {"url": "https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc", "tags": ["Broken Link", "Third Party Advisory"], "source": "mandiant-cve@google.com"}, {"url": "https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc", "tags": ["Broken Link", "Patch"], "source": "mandiant-cve@google.com"}, {"url": "https://https://metacpan.org/dist/Spreadsheet-ParseExcel", "tags": ["Broken Link", "Product"], "source": "mandiant-cve@google.com"}, {"url": "https://https://www.cve.org/CVERecord?id=CVE-2023-7101", "tags": ["Broken Link", "Third Party Advisory"], "source": "mandiant-cve@google.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html", "tags": ["Mailing List"], "source": "mandiant-cve@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/", "tags": ["Mailing List"], "source": "mandiant-cve@google.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/", "tags": ["Mailing List"], "source": "mandiant-cve@google.com"}, {"url": "https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html", "tags": ["Third Party Advisory"], "source": "mandiant-cve@google.com"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/29/4", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://metacpan.org/dist/Spreadsheet-ParseExcel", "tags": ["Broken Link", "Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://www.cve.org/CVERecord?id=CVE-2023-7101", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "mandiant-cve@google.com", "description": [{"lang": "en", "value": "CWE-95"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type \u201ceval\u201d. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic."}, {"lang": "es", "value": "Spreadsheet::ParseExcel version 0.65 es un m\u00f3dulo Perl utilizado para analizar archivos Excel. Spreadsheet::ParseExcel es afectado por una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario (ACE) debido a que se pasa una entrada no validada de un archivo a una \"evaluaci\u00f3n\" de tipo cadena. Espec\u00edficamente, el problema surge de la evaluaci\u00f3n de cadenas de formato num\u00e9rico (que no deben confundirse con cadenas de formato de estilo printf) dentro de la l\u00f3gica de an\u00e1lisis de Excel."}], "lastModified": "2025-02-13T18:16:12.690", "cisaActionDue": "2024-01-23", "cisaExploitAdd": "2024-01-02", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jmcnamara:spreadsheet\\:\\:parseexcel:*:*:*:*:*:perl:*:*", "vulnerable": true, "matchCriteriaId": "1C81AC37-3219-4A80-A89E-8BDC1E238F82", "versionEndIncluding": "0.65"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"}], "operator": "OR"}]}], "sourceIdentifier": "mandiant-cve@google.com", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Spreadsheet::ParseExcel Remote Code Execution Vulnerability"}

7.8 /10