{"id":"CVE-2017-5992","details":"Openpyxl 2.4.1 resolves XML external entities by default, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted .xlsx document.","aliases":["GHSA-chqf-hx79-gxc6","PYSEC-2017-48"],"modified":"2026-03-14T09:25:26.251809Z","published":"2017-02-15T19:59:01.283Z","related":["openSUSE-SU-2024:11248-1","openSUSE-SU-2024:14028-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/07/5"},{"type":"REPORT","url":"https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1"},{"type":"REPORT","url":"https://bitbucket.org/openpyxl/openpyxl/issues/749"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://bitbucket.org/openpyxl/openpyxl","events":[{"introduced":"0"},{"fixed":"3b4905f428e1"}]},{"type":"GIT","repo":"https://bitbucket.org/openpyxl/openpyxl","events":[{"introduced":"0"},{"fixed":"3b4905f428e1"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.4.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5992.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H"}]}