CVE-2024-47873 | PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x scan/findCharSet xml external entity reference (GHSA-jw4x-v69f-hh5w)

Inserito da Angelo Barbosa | Nov 18, 2024 | CVE

A vulnerability was found in PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x and classified as critical. Affected by this issue is the function scan/findCharSet. The manipulation leads to xml external entity reference.

This vulnerability is handled as CVE-2024-47873. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47873 | PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x scan/findCharSet xml external entity reference (GHSA-jw4x-v69f-hh5w)

Post correlati

CVE-2023-50961 | IBM QRadar SIEM 7.5 Web UI cross site scripting (XFDB-275939)

CVE-2024-3325 | Jaspersoft JasperReport Servers up to 9.0.0 Privilege Escalation

CVE-2023-52349 | Unisoc S8000 Ril Service out-of-bounds write

CVE-2024-8089 | SourceCodester E-Commerce System 1.0 controller.php photo unrestricted upload