← Back

CVE-2024-53924

nvd nist
Published: Apr 17, 2025Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.

Affected (25)

Products: Dgorissen: Pycel
Dgorissen
1 product
Pycel
Configuration A
25 vulnerable
Vulnerable SoftwareAffected Versions
Dgorissen
Pycel
Version 1.0 beta0
Pycel
Version 1.0 beta11
Pycel
Version 1.0 beta12
Pycel
Version 1.0 beta13
Pycel
Version 1.0 beta14
Pycel
Version 1.0 beta15
Pycel
Version 1.0 beta16
Pycel
Version 1.0 beta17
Pycel
Version 1.0 beta18
Pycel
Version 1.0 beta19
Pycel
Version 1.0 beta20
Pycel
Version 1.0 beta21
Pycel
Version 1.0 beta22
Pycel
Version 1.0 beta26
Pycel
Version 1.0 beta27
Pycel
Version 1.0 beta28
Pycel
Version 1.0 beta29
Pycel
Version 1.0 beta2
Pycel
Version 1.0 beta30
Pycel
Version 1.0 beta3
Pycel
Version 1.0 beta4
Pycel
Version 1.0 beta5
Pycel
Version 1.0 beta6
Pycel
Version 1.0 beta7
Pycel
Version 1.0 beta8

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (5)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.