CVE-2023-7101

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic. Vendor/Product: Spreadsheet::ParseExcel Spreadsheet::ParseExcel. Added to CISA KEV 2024-01-02; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.