AVG-629 log

Package python-openpyxl, python2-openpyxl
Status Fixed
Severity High
Type xml external entity injection
Affected 2.4.0-1
Fixed 2.4.1-1
Current 3.1.5-2 [extra-testing]
3.1.5-1 [extra]
Ticket None
Created Thu Feb 22 22:37:21 2018
Issue Severity Remote Type Description
CVE-2017-5992 High Yes Xml external entity injection
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.