Hi,
I am currently investigating if the versions of openpyxl in Wheezy and
Jessie are vulnerable. Apparently support for lxml was first introduced
in version 1.8. Wheezy and Jessie ship older versions though.
Is there another attack vector or can we assume that all versions
without lxml support a
On Tue, 07 Feb 2017, Yaroslav Halchenko wrote:
> thanks for the very detailed report!!! I have adopted that patch for our
> now dated version of openpyxl -- upload is coming shortly
unfortunately a blind adaptation of the patch wasn't sufficient, since
running your PoC code results in
$> pytho
thanks for the very detailed report!!! I have adopted that patch for our
now dated version of openpyxl -- upload is coming shortly
On Tue, 07 Feb 2017, Ulikowski, Marcin wrote:
> Package: python-openpyxl
> Version: <= 2.3.5
> Openpyxl is vulnerable to XXE which allows reading local files and Do