CVE-2023-7101: Spreadsheet::ParseExcel Remote Code Execution
Spreadsheet::ParseExcel Remote Code Execution Vulnerability. Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.
- CISA KEV-listed (remediation due 2024-01-23)
- EPSS 57.8% (98.2% percentile)