Описание
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-7102
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md
- https://metacpan.org/dist/Spreadsheet-ParseExcel
- https://www.barracuda.com/company/legal/esg-vulnerability
- https://www.cve.org/CVERecord?id=CVE-2023-7101
Связанные уязвимости
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
Уязвимость библиотеки для работы с XLS-файлами Spreadsheet::ParseExcel микропрограммного обеспечения шлюза безопасности электронной почты Barracuda Email Security Gateway Appliance, связанная с использованием опасных методов или функций, позволяющая нарушителю выполнить произвольный код