-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security

Vulnerability Details

Registries

Custom Views

Weaknesses

Attack Patterns

Filters & Tools

openpyxl

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1

Related CVEs Related Vendors Related Assigners Reports

1Vulnerabilities found

Assigner-MITRE Corporation

Assigner-MITRE Corporation

CVSS Score-8.2||HIGH

EPSS-0.53% / 66.20%

||

7 Day CHG~0.00%

Published-15 Feb, 2017 | 19:00

Updated-20 Apr, 2025 | 01:37

Rejected-Not Available

Known To Be Used In Ransomware Campaigns?-Not Available

KEV Added-Not Available

KEV Action Due Date-Not Available

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

Action-Not Available

Vendor-n/a Python Software Foundation

Product-openpyxl n/a

CWE ID-CWE-611

Improper Restriction of XML External Entity Reference