Vulnerabilities (CVE)

Filtered by vendor Tozt Subscribe
Filtered by product Spreadsheet\
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23525 1 Tozt 1 Spreadsheet\ 2024-11-21 N/A 6.5 MEDIUM
The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
CVE-2024-22368 1 Tozt 1 Spreadsheet\ 2024-11-21 N/A 5.5 MEDIUM
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.