CVE-2024-45293 | PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0 Excel Parser XmlScanner.php toUtf8 xml external entity reference (GHSA-6hwr-6v2f-3m88)

Posted by Angelo Barbosa | Oct 7, 2024 | CVE

A vulnerability classified as problematic has been found in PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0. Affected is the function toUtf8 of the file src/PhpSpreadsheet/Reader/Security/XmlScanner.php of the component Excel Parser. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2024-45293. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-45293 | PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0 Excel Parser XmlScanner.php toUtf8 xml external entity reference (GHSA-6hwr-6v2f-3m88)

Related Posts

CVE-2024-31139 | JetBrains TeamCity prior 2024.03 Maven Build Steps Detector xml external entity reference

CVE-2024-29154 | danielmiessler fabric up to 1.3.0 index.js htmlToPlainText cross site scripting

CVE-2024-26668 | Linux Kernel up to 5.15.148/6.1.75/6.6.14/6.7.2 nft_limit integer overflow

CVE-2023-6136 | Bowo Debug Log Manager Plugin up to 2.3.0 on WordPress information disclosure