clayton@site:~/news$ cat cve-2023-7101-spreadsheetparseexcel-spreadsheetparseexcel.log

CVE-2023-7101 — Spreadsheet::ParseExcel Remote Code Execution Vulnerability

2024-01-02 • CISA Known Exploited Vulnerability

[event] Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

> AFFECTED SOFTWARE

Field	Value
Vendor	Spreadsheet::ParseExcel
Product	Spreadsheet::ParseExcel
CWE	CWE-95
CVE ID	CVE-2023-7101
Date Added	2024-01-02
Due Date	2024-01-23
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-01-23

> REFERENCES

[1] https://metacpan.org/dist/Spreadsheet-ParseExcel
[2] https://www.barracuda.com/company/legal/esg-vulnerability
[3] https://nvd.nist.gov/vuln/detail/CVE-2023-7101