Lucene search

K
osvGoogleOSV:GHSA-CHQF-HX79-GXC6
HistoryMay 17, 2022 - 2:58 a.m.

Improper Restriction of XML External Entity Reference in Openpyxl

2022-05-1702:58:54
Google
osv.dev
10
openpyxl
xml external entity
xxe attacks
.xlsx document
software

EPSS

0.005

Percentile

76.0%

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

EPSS

0.005

Percentile

76.0%