Potential security issue #7
Comments
See also runrig#33
Thanks for fixing CVE-2023-7101. Yet memory bombing as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc is still possible.
@MichaelDaum The memory bomb part of the POC is against Spreadsheet::ParseXLSX which uses Spreadsheet::ParseExcel but isn't part of it. That isn't within my control. That part of the issue seems to be raised here: doy/spreadsheet-parsexlsx#103
Fixed in version 0.66 which is now on CPAN.
Hi John,
I appreciate your getting back and your quick response to the issue.
Thank you and happy new year,
Hai
…On Fri, 29 Dec 2023, 19:01 John McNamara, ***@***.***> wrote:
Fixed in version 0.66 which is now on CPAN.
Thanks but to give credit where it is due the fix was from @ruoso, I just tested and packaged it.
Oic. Sorry. Gave it a spin in doy/spreadsheet-parsexlsx#104
@psmoros as a member of the cpan security working group I am attempting to do a lessons learned for the issue you referenced (that eventually became CVE-2023-7101). Would you mind contacting me at "timlegge at cpan dot org" to answer a few questions?
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@haile01) has found a potential issue, which I would be eager to share with you.
Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.
Looking forward to hearing from you 👍
(cc @huntr-helper)