Tozt Spreadsheet::parsexlsx — known CVE vulnerabilities
Every CVE whose affected-product data names Tozt Spreadsheet::parsexlsx, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-23525 — CVSS 6.5 (medium): The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
CVE-2024-22368 — CVSS 5.5 (medium): The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document…