USN-6781-1: Spreadsheet::ParseExcel vulnerability

Ubuntu Security Advisory

Le Dinh Hai discovered that Spreadsheet::ParseExcel was passing unvalidated
input from a file into a string-type “eval”. An attacker could craft a
malicious file to achieve arbitrary code execution.


Leave a Reply

Your email address will not be published. Required fields are marked *