Skip to main content

Openpyxl

1 CVEs product

Monthly

CVE-2017-5992 PyPI HIGH PATCH This Week

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openpyxl
NVD
CVSS 3.0
8.2
EPSS
0.5%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Openpyxl
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy