CVE-2024-53924

Name of the Vulnerable Software and Affected Versions Pycel versions 1.0b30 and earlier

Description The issue allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval(" import ('os').system( substring.") in an untrusted spreadsheet.

Recommendations For versions 1.0b30 and earlier, as a temporary workaround, consider disabling the evaluation of crafted formulas in cells until a patch is available. Avoid using the eval() function in the affected spreadsheet processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.