
CVE-2024-53924

  • Description: Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("import('os').system( substring.
  • Author: Adham Elmosalamy (@aelmo)
  • Date of Disclosure: November 23, 2024
  • Link: https://nvd.nist.gov/vuln/detail/CVE-2024-53924

Summary

Pycel, a Python library for working with Excel worksheets, including safe symbolic evaluation of Excel formulas, suffers from a code execution vulnerability in which Python-native functions that are otherwise blocked can be executed via specially crafted Excel formulas. This allows an attacker to supply a malicious document that leads to code execution when it is evaluated by Pycel.

aelmosalamy / x
Last active December 29, 2024 00:03
x
alert(origin)
aelmosalamy / i3.config
Last active November 8, 2021 10:45
Orange-ish i3-gaps with dmenu. I don't use polybar anymore.
# This file has been auto-generated by i3-config-wizard(1).
# It will not be overwritten, so edit it as you like.
#
# Should you change your keyboard layout some time, delete
# this file and re-run i3-config-wizard(1).
#
# i3 config file (v4)
#
# Please see https://i3wm.org/docs/userguide.html for a complete reference!