Update database for Spreadsheet::ParseXLSX #134

briandfoy · Jan 17, 2024 · d5b0a4b · d5b0a4b
1 parent 9c6cec6
commit d5b0a4b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 17 deletions.
diff --git a/lib/CPAN/Audit/DB.pm b/lib/CPAN/Audit/DB.pm
@@ -1,12 +1,12 @@
-# created by util/generate at Wed Jan 10 16:11:30 2024
-# cpan-security-advisory 304c7e71fb9c68268da173e4c5a62c4909dbc4df
+# created by util/generate at Wed Jan 17 12:58:13 2024
+# cpan-security-advisory ddb1f55cc6e68fac82c8f55852c8459ecb859416
 #
 package CPAN::Audit::DB;
 
 use strict;
 use warnings;
 
-our $VERSION = '20240110.002';
+our $VERSION = '20240117.001';
 
 sub db {
 	{
@@ -46453,6 +46453,10 @@ sub db {
                                                       {
                                                         'date' => '2024-01-10T15:04:01',
                                                         'version' => '1.42_03'
+                                                      },
+                                                      {
+                                                        'date' => '2024-01-17T09:07:40',
+                                                        'version' => '1.42_04'
                                                       }
                                                     ]
                                     },
@@ -55589,7 +55593,7 @@ sub db {
 ',
                                                                         'distribution' => 'Spreadsheet-ParseXLSX',
                                                                         'fixed_versions' => '>=0.28',
-                                                                        'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-01',
+                                                                        'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-22368',
                                                                         'references' => [
                                                                                           'https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md',
                                                                                           'https://github.com/briandfoy/cpan-security-advisory/issues/131',
@@ -55599,6 +55603,22 @@ sub db {
                                                                                           'https://github.com/advisories/GHSA-x2hg-844v-frvh'
                                                                                         ],
                                                                         'reported' => '2024-01-03'
+                                                                      },
+                                                                      {
+                                                                        'affected_versions' => '<0.30',
+                                                                        'cves' => [],
+                                                                        'description' => 'In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse(\'user_input_file.xlsx\'), we\'d be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input.
+',
+                                                                        'distribution' => 'Spreadsheet-ParseXLSX',
+                                                                        'fixed_versions' => '>=0.30',
+                                                                        'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-02',
+                                                                        'references' => [
+                                                                                          'https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes',
+                                                                                          'https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a',
+                                                                                          'https://github.com/briandfoy/cpan-security-advisory/issues/134',
+                                                                                          'https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10'
+                                                                                        ],
+                                                                        'reported' => '2024-01-17'
                                                                       }
                                                                     ],
                                                     'main_module' => 'Spreadsheet::ParseXLSX',
@@ -55718,6 +55738,10 @@ sub db {
                                                                     {
                                                                       'date' => '2024-01-02T17:49:11',
                                                                       'version' => '0.29'
+                                                                    },
+                                                                    {
+                                                                      'date' => '2024-01-17T11:34:43',
+                                                                      'version' => '0.30'
                                                                     }
                                                                   ]
                                                   },
@@ -61711,6 +61735,10 @@ sub db {
                                                           {
                                                             'date' => '2023-07-17T22:02:15',
                                                             'version' => '6.72'
+                                                          },
+                                                          {
+                                                            'date' => '2024-01-13T20:26:02',
+                                                            'version' => '6.73'
                                                           }
                                                         ]
                                         },

diff --git a/lib/CPAN/Audit/DB.pm.gpg b/lib/CPAN/Audit/DB.pm.gpg
@@ -1,16 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmWfCAIACgkQ+D+NXoeL
-YEFTvQ/+IW2Jhsh4YeLHD5bMGd+5KREWQCK0K5YDh5qXQmB7pSHoLunV5pVpepxM
-ftdS0iwpZ3D6xuRvNNfcK82JanGq3AHUxV21d/8pISjKVutADaBh2MkugkeMVCj0
-fs6IrJGzCc0mDxX+JyWTez4UaW1NM6G+uHtWi/LE+oWzluI77qM1OjPN1PYd8sSO
-9aL9Ut0Dya+o9SE38hkw14bQaME48hbBVpASP/J2EZpzUJBz0hohZU2GQg4UuCfr
-+x3LxKQbb6+dE5c3yBCk94QbLKis54Pn+SUFJy5EsMTDVdfjQYgWkLfC+b06i7q1
-cEDesLjEMDSXnLm2X5IBzExMeq4hjQWL6XDj5arnfIxVmThola7tP2VlR0W4LWS0
-+QQKT9HFXtjLYTsIXJp1+oFBexSa0nC11dJMspDkcD7wkYVx3shwmdrfcYZWqjEc
-3Yc2y5SmAxPYz814o7UQyzeLDdjfDv2tnPvIHpYhv4cxBKFMqPJK7XjPF/Pe6b7y
-LRZ13lSNptt/8Ttb0t3qC82BQBFNz+ZU0/d4Dz/IyfEpFy75jLhbGnwqpdAnNeaT
-9TSgg68Q6vrA/LGiU71nrYfTR8hY45b1DVaO7Ozm8fDdf4OHd6LjqGqK4ciKqeOt
-d8QT8TmfXQcjkdhmuqRPIXEb0qSasG8orly5tZMYxMK5510xI1Y=
-=NlJW
+iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmWoFTUACgkQ+D+NXoeL
+YEFeJw//YNSKVBZ8ibx286HRuZZUmXTIlcVmM1GzjaL5eJ5B+3JJgON7UInNnbDQ
+Tlv1/AfdgGKGR5JfLYkgriE+ixfKtMTnpGSz4opV6hMF2CXm2+U2+Rqk/TC/4mUK
+y/HSWaCQAzGHQt+BRRUFT8SpaCBVLpwoMeG5kvDV/J0CdTwyUmh5gUVZ+fQIKKk6
+8TduyqPwbDPf2Dexz/cq97UfEDvhecnFC73Umo46KlEFshfImQ9t2Rp63PWvVZ3Q
+oD4AGDvqQUCUnT+Fank/g4/+lFmDyaBVXkLt6VEh5aXMWQvl98Be2tD/5Fxjyym0
+WsEYbtNzE5pcgJ6cyeVEzGzoqqwETHPDosuXOJMjcKjrIBRCWDMpVNtXefmJY9ah
+Ip4oYJE3DPkkFdC42FqdsPUtWM7QFhzASHG78Lmd1hAstaUEeHEbOCVlxQhOANeb
+Ps2/lW1AkZkfw0RGlPc1zRSkKNCrEW50R8eg59oLoUbKmJBDsvv24aSj5X/S8U6K
+4nLU+XsJvhkoMORVfTWKl8COUb8kGHZae2hL+ufet0qnKDNaD2KwMmp4sFT3Y0cp
+WtnPiqpN+xOJzdZwhvZjLcyM93YfLk9FOAw9AmMiIfE/MT+HnE9wXxHTcKHFHpOE
+dAYN/gmDM7mdvp9TmJGdx8cgO5IwrYVVgftprIy+OPK15xZT9Zc=
+=mlRh
 -----END PGP SIGNATURE-----