CVE-2023-7101

HIGH

CVSS v3

7.8

HIGH

EPSS Score

16.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Technical Details

Published
12/24/2023

Frequently Asked Questions

What is CVE-2023-7101?

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Is CVE-2023-7101 actively exploited?

Active exploitation of CVE-2023-7101 has not been confirmed. The EPSS score is 16.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-7101?

CVE-2023-7101 has a CVSS v3 base score of 7.8 (HIGH severity).

Is CVE-2023-7101 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.