Launchpad.net

CVE 2024-23525

The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.

See the CVE page on Mitre.org for more details.