CVE-2023-7101
HIGHCVSS v3
7.8
HIGH
EPSS Score
16.7%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
Technical Details
- Published
- 12/24/2023
Frequently Asked Questions
What is CVE-2023-7101?
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
Is CVE-2023-7101 actively exploited?
Active exploitation of CVE-2023-7101 has not been confirmed. The EPSS score is 16.7%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2023-7101?
CVE-2023-7101 has a CVSS v3 base score of 7.8 (HIGH severity).
Is CVE-2023-7101 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.