|
1 |
| -# created by util/generate at Wed Jan 3 21:54:50 2024 |
2 |
| -# cpan-security-advisory bdc3863dd33276fe8343e89da2006905c0cdc130 |
| 1 | +# created by util/generate at Wed Jan 17 12:58:13 2024 |
| 2 | +# cpan-security-advisory ddb1f55cc6e68fac82c8f55852c8459ecb859416 |
3 | 3 | #
|
4 | 4 | package CPAN::Audit::DB;
|
5 | 5 |
|
6 | 6 | use strict;
|
7 | 7 | use warnings;
|
8 | 8 |
|
9 |
| -our $VERSION = '20240103.004'; |
| 9 | +our $VERSION = '20240117.001'; |
10 | 10 |
|
11 | 11 | sub db {
|
12 | 12 | {
|
@@ -4690,6 +4690,10 @@ sub db {
|
4690 | 4690 | {
|
4691 | 4691 | 'date' => '2023-11-01T07:57:12',
|
4692 | 4692 | 'version' => '4.60'
|
| 4693 | + }, |
| 4694 | + { |
| 4695 | + 'date' => '2024-01-08T15:17:04', |
| 4696 | + 'version' => '4.61' |
4693 | 4697 | }
|
4694 | 4698 | ]
|
4695 | 4699 | },
|
@@ -22889,6 +22893,10 @@ sub db {
|
22889 | 22893 | {
|
22890 | 22894 | 'date' => '2019-05-24T18:54:07',
|
22891 | 22895 | 'version' => '2.04'
|
| 22896 | + }, |
| 22897 | + { |
| 22898 | + 'date' => '2024-01-08T04:48:56', |
| 22899 | + 'version' => '2.05' |
22892 | 22900 | }
|
22893 | 22901 | ]
|
22894 | 22902 | },
|
@@ -38650,6 +38658,10 @@ sub db {
|
38650 | 38658 | {
|
38651 | 38659 | 'date' => '2024-01-02T15:38:07',
|
38652 | 38660 | 'version' => '5.503'
|
| 38661 | + }, |
| 38662 | + { |
| 38663 | + 'date' => '2024-01-08T18:22:18', |
| 38664 | + 'version' => '5.503' |
38653 | 38665 | }
|
38654 | 38666 | ]
|
38655 | 38667 | },
|
@@ -46429,6 +46441,22 @@ sub db {
|
46429 | 46441 | {
|
46430 | 46442 | 'date' => '2023-12-24T15:48:59',
|
46431 | 46443 | 'version' => '1.42'
|
| 46444 | + }, |
| 46445 | + { |
| 46446 | + 'date' => '2024-01-04T11:21:08', |
| 46447 | + 'version' => '1.42_01' |
| 46448 | + }, |
| 46449 | + { |
| 46450 | + 'date' => '2024-01-08T09:38:46', |
| 46451 | + 'version' => '1.42_02' |
| 46452 | + }, |
| 46453 | + { |
| 46454 | + 'date' => '2024-01-10T15:04:01', |
| 46455 | + 'version' => '1.42_03' |
| 46456 | + }, |
| 46457 | + { |
| 46458 | + 'date' => '2024-01-17T09:07:40', |
| 46459 | + 'version' => '1.42_04' |
46432 | 46460 | }
|
46433 | 46461 | ]
|
46434 | 46462 | },
|
@@ -47509,6 +47537,18 @@ sub db {
|
47509 | 47537 | {
|
47510 | 47538 | 'date' => '2024-01-02T14:34:40',
|
47511 | 47539 | 'version' => '1.93_03'
|
| 47540 | + }, |
| 47541 | + { |
| 47542 | + 'date' => '2024-01-05T00:45:35', |
| 47543 | + 'version' => '1.93_04' |
| 47544 | + }, |
| 47545 | + { |
| 47546 | + 'date' => '2024-01-06T18:39:23', |
| 47547 | + 'version' => '1.93_05' |
| 47548 | + }, |
| 47549 | + { |
| 47550 | + 'date' => '2024-01-08T01:22:27', |
| 47551 | + 'version' => '1.94' |
47512 | 47552 | }
|
47513 | 47553 | ]
|
47514 | 47554 | },
|
@@ -50756,6 +50796,14 @@ sub db {
|
50756 | 50796 | {
|
50757 | 50797 | 'date' => '2015-11-21T06:05:48',
|
50758 | 50798 | 'version' => '1.013_03'
|
| 50799 | + }, |
| 50800 | + { |
| 50801 | + 'date' => '2024-01-04T15:11:21', |
| 50802 | + 'version' => '1.015' |
| 50803 | + }, |
| 50804 | + { |
| 50805 | + 'date' => '2024-01-05T13:57:01', |
| 50806 | + 'version' => '1.016' |
50759 | 50807 | }
|
50760 | 50808 | ]
|
50761 | 50809 | },
|
@@ -52296,6 +52344,10 @@ sub db {
|
52296 | 52344 | {
|
52297 | 52345 | 'date' => '2022-09-05T15:48:11',
|
52298 | 52346 | 'version' => '1.0050'
|
| 52347 | + }, |
| 52348 | + { |
| 52349 | + 'date' => '2024-01-05T23:11:02', |
| 52350 | + 'version' => '1.0051' |
52299 | 52351 | }
|
52300 | 52352 | ]
|
52301 | 52353 | },
|
@@ -55534,17 +55586,39 @@ sub db {
|
55534 | 55586 | 'advisories' => [
|
55535 | 55587 | {
|
55536 | 55588 | 'affected_versions' => '<0.28',
|
55537 |
| - 'cves' => [], |
55538 |
| - 'description' => 'ParseXLSX also handles with merged cells, but the memoize implementation allows attacker to allocate an arbitrary memory size. |
| 55589 | + 'cves' => [ |
| 55590 | + 'CVE-2024-22368' |
| 55591 | + ], |
| 55592 | + 'description' => 'The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells. |
55539 | 55593 | ',
|
55540 | 55594 | 'distribution' => 'Spreadsheet-ParseXLSX',
|
55541 | 55595 | 'fixed_versions' => '>=0.28',
|
55542 |
| - 'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-01', |
| 55596 | + 'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-22368', |
55543 | 55597 | 'references' => [
|
55544 | 55598 | 'https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md',
|
55545 |
| - 'https://github.com/briandfoy/cpan-security-advisory/issues/131' |
| 55599 | + 'https://github.com/briandfoy/cpan-security-advisory/issues/131', |
| 55600 | + 'https://nvd.nist.gov/vuln/detail/CVE-2024-22368', |
| 55601 | + 'https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md', |
| 55602 | + 'https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes', |
| 55603 | + 'https://github.com/advisories/GHSA-x2hg-844v-frvh' |
55546 | 55604 | ],
|
55547 | 55605 | 'reported' => '2024-01-03'
|
| 55606 | + }, |
| 55607 | + { |
| 55608 | + 'affected_versions' => '<0.30', |
| 55609 | + 'cves' => [], |
| 55610 | + 'description' => 'In default configuration of Spreadsheet::ParseXLSX, whenever we call Spreadsheet::ParseXLSX->new()->parse(\'user_input_file.xlsx\'), we\'d be vulnerable for XXE vulnerability if the XLSX file that we are parsing is from user input. |
| 55611 | +', |
| 55612 | + 'distribution' => 'Spreadsheet-ParseXLSX', |
| 55613 | + 'fixed_versions' => '>=0.30', |
| 55614 | + 'id' => 'CPANSA-Spreadsheet-ParseXLSX-2024-02', |
| 55615 | + 'references' => [ |
| 55616 | + 'https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes', |
| 55617 | + 'https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a', |
| 55618 | + 'https://github.com/briandfoy/cpan-security-advisory/issues/134', |
| 55619 | + 'https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10' |
| 55620 | + ], |
| 55621 | + 'reported' => '2024-01-17' |
55548 | 55622 | }
|
55549 | 55623 | ],
|
55550 | 55624 | 'main_module' => 'Spreadsheet::ParseXLSX',
|
@@ -55664,6 +55738,10 @@ sub db {
|
55664 | 55738 | {
|
55665 | 55739 | 'date' => '2024-01-02T17:49:11',
|
55666 | 55740 | 'version' => '0.29'
|
| 55741 | + }, |
| 55742 | + { |
| 55743 | + 'date' => '2024-01-17T11:34:43', |
| 55744 | + 'version' => '0.30' |
55667 | 55745 | }
|
55668 | 55746 | ]
|
55669 | 55747 | },
|
@@ -61657,6 +61735,10 @@ sub db {
|
61657 | 61735 | {
|
61658 | 61736 | 'date' => '2023-07-17T22:02:15',
|
61659 | 61737 | 'version' => '6.72'
|
| 61738 | + }, |
| 61739 | + { |
| 61740 | + 'date' => '2024-01-13T20:26:02', |
| 61741 | + 'version' => '6.73' |
61660 | 61742 | }
|
61661 | 61743 | ]
|
61662 | 61744 | },
|
@@ -63404,7 +63486,7 @@ sub db {
|
63404 | 63486 | 'severity' => undef
|
63405 | 63487 | },
|
63406 | 63488 | {
|
63407 |
| - 'affected_versions' => '>=5.30.0,<5.38.2', |
| 63489 | + 'affected_versions' => '>=5.30.0,<5.36.3,>=5.38.0,<5.38.2', |
63408 | 63490 | 'cves' => [
|
63409 | 63491 | 'CVE-2023-47100'
|
63410 | 63492 | ],
|
|
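Review bot: The rewritten perl range at new line 63489, `'>=5.30.0,<5.36.3,>=5.38.0,<5.38.2'`, packs two disjoint intervals into one comma-separated string. The range matcher is not visible on this page, but if it treats commas as AND, no version can satisfy both `<5.36.3` and `>=5.38.0`, so CVE-2023-47100 would silently stop being reported for every perl release. Because this file is generated by util/generate, the fix belongs in the advisory source: express the intervals as separate alternatives, for example `['>=5.30.0,<5.36.3', '>=5.38.0,<5.38.2']` if the consumer accepts a list, and add a regression check that 5.36.0 and 5.38.0 still match. Separately, the CVE-2024-22368 entry now lists the `parse_xlsx_bomb.md` reference twice (new lines 55598 and 55601), which the generator could de-duplicate.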