CVE-2024-53924 Information

Description

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200 eval(__import__('os').system( substring.

Reference

https://gist.github.com/aelmosalamy/cb098e61939718d2bb248fd1cc94f287
https://github.com/dgorissen/pycel
https://github.com/stephenrauch/pycel
https://pypi.org/project/pycel/
