Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-5992

Опубликовано: 15 фев. 2017
Источник: debian

Описание

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
openpyxlfixed2.3.0-3package
openpyxlnot-affectedjessiepackage
openpyxlnot-affectedwheezypackage

Примечания

  • https://www.openwall.com/lists/oss-security/2017/02/07/5

  • https://bitbucket.org/openpyxl/openpyxl/issues/749

  • https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1

Связанные уязвимости

ubuntu логотип

CVE-2017-5992

CVSS3: 8.2
ubuntu
почти 9 лет назад

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

nvd логотип

CVE-2017-5992

CVSS3: 8.2
nvd
почти 9 лет назад

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

suse-cvrf логотип

openSUSE-SU-2018:0522-1

suse-cvrf
почти 8 лет назад

Security update for python3-openpyxl

suse-cvrf логотип

openSUSE-SU-2018:0108-1

suse-cvrf
около 8 лет назад

Security update for python-openpyxl

github логотип

GHSA-chqf-hx79-gxc6

CVSS3: 8.2
github
больше 3 лет назад

Improper Restriction of XML External Entity Reference in Openpyxl