ГлавнаяУязвимости → CVE-2024-53924
9.8критическая

CVE-2024-53924

Описание

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.

Затрагиваемое ПО
Dgorissen Pycel
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://gist.github.com/aelmosalamy/cb098e61939718d2bb248fd1cc94f287https://github.com/dgorissen/pycelhttps://github.com/stephenrauch/pycelhttps://pypi.org/project/pycel/https://gist.github.com/aelmosalamy/cb098e61939718d2bb248fd1cc94f287