Update database
briandfoy committed Jan 10, 2024
1 parent c7c7b86 commit 43190c5
Showing 2 changed files with 25 additions and 19 deletions.
18 changes: 12 additions & 6 deletions lib/CPAN/Audit/DB.pm
@@ -1,12 +1,12 @@
# created by util/generate at Wed Jan 10 11:08:46 2024
# cpan-security-advisory 138495cdf4c9c658792bfa9c6b3a6d71e0bdd521
# created by util/generate at Wed Jan 10 16:11:30 2024
# cpan-security-advisory 304c7e71fb9c68268da173e4c5a62c4909dbc4df
#
package CPAN::Audit::DB;

use strict;
use warnings;

our $VERSION = '20240110.001';
our $VERSION = '20240110.002';

sub db {
{
Expand Down Expand Up @@ -55582,15 +55582,21 @@ sub db {
'advisories' => [
{
'affected_versions' => '<0.28',
'cves' => [],
'description' => 'ParseXLSX also handles with merged cells, but the memoize implementation allows attacker to allocate an arbitrary memory size.
'cves' => [
'CVE-2024-22368'
],
'description' => 'The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
',
'distribution' => 'Spreadsheet-ParseXLSX',
'fixed_versions' => '>=0.28',
'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-01',
'references' => [
'https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md',
'https://github.com/briandfoy/cpan-security-advisory/issues/131'
'https://github.com/briandfoy/cpan-security-advisory/issues/131',
'https://nvd.nist.gov/vuln/detail/CVE-2024-22368',
'https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md',
'https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes',
'https://github.com/advisories/GHSA-x2hg-844v-frvh'
],
'reported' => '2024-01-03'
}
26 changes: 13 additions & 13 deletions lib/CPAN/Audit/DB.pm.gpg
@@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
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=N43G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=NlJW
-----END PGP SIGNATURE-----
