XML::Twig · CVE-2024-23525
**Name of the Vulnerable Software and Affected Versions**
Spreadsheet::ParseXLSX versions prior to 0.30
**Description**
The issue stems from improper restriction of XML external entity references, which allows an attacker to conduct XXE attacks using a specially crafted XLSX file. The cause is that the Spreadsheet::ParseXLSX package does not enable the `no_xxe` option of `XML::Twig`.
**Recommendations**
For versions prior to 0.30, update to version 0.30 or later to resolve the issue. As a temporary workaround, consider enabling the `no_xxe` option of `XML::Twig` to prevent XXE attacks.
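As an extra pre-parse screen for uploaded workbooks, the added example below flags any XML part of an XLSX archive that declares a DTD or entity, so the file can be rejected before it reaches a parser. It is not code from Spreadsheet::ParseXLSX or XML::Twig. The function names and sample data are constructed for illustration, and it assumes legitimate workbook parts never carry a DOCTYPE.

```python
import io
import re
import zipfile

# Assumption: benign OOXML parts contain no DTD, so any DOCTYPE or ENTITY
# declaration in an XML part is grounds to reject the upload.
DTD_MARKER = re.compile(r"<!(?:DOCTYPE|ENTITY)\b")
XML_SUFFIXES = (".xml", ".rels", ".vml")


def decode_part(raw):
    """Decode an XML part so a UTF-16 encoding cannot hide the markers."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):   # UTF-16 with BOM
        return raw.decode("utf-16", errors="replace")
    if raw[:2] == b"<\x00":                     # UTF-16LE without BOM
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":                     # UTF-16BE without BOM
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def find_dtd_parts(xlsx_bytes):
    """Return the names of XML parts that declare a DTD or an entity."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            if DTD_MARKER.search(decode_part(zf.read(info))):
                flagged.append(info.filename)
    return flagged


def build_sample(sheet_xml):
    """Build a constructed, minimal XLSX-like archive around one sheet part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", b'<?xml version="1.0"?><Types/>')
        zf.writestr("xl/worksheets/sheet1.xml", sheet_xml)
    return buf.getvalue()


# Constructed samples; the entity target is a placeholder, not a real resource.
CLEAN = b'<?xml version="1.0"?><worksheet><sheetData/></worksheet>'
CRAFTED = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE worksheet [<!ENTITY ext SYSTEM "file:///PLACEHOLDER">]>'
           b'<worksheet><sheetData/></worksheet>')
```

A non-empty result from `find_dtd_parts` means the file should be rejected. The screen complements the upgrade to 0.30 or later and does not replace it.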