Detections
Analytics
CVE-2017-5992
medium
Description
Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.
References
Details
Published: 2017-02-15
Updated: 2025-04-20
Risk Information
CVSS v2
Base Score: 5.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P
Severity: Medium
CVSS v3
Base Score: 8.2
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
Severity: High
CVSS v4
Base Score: 6.4
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:H
Severity: Medium
EPSS
EPSS: 0.00528