CVE-2024-47873 | PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x scan/findCharSet xml external entity reference (GHSA-jw4x-v69f-hh5w)

Posted by Angelo Barbosa | Nov 18, 2024 | CVE

A vulnerability was found in PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x and classified as critical. Affected by this issue is the function scan/findCharSet. The manipulation leads to xml external entity reference.

This vulnerability is handled as CVE-2024-47873. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47873 | PHPOffice PhpSpreadsheet up to 1.29.3/2.1.2/2.3.1/3.3.x scan/findCharSet xml external entity reference (GHSA-jw4x-v69f-hh5w)

Related Posts

CVE-2024-21682 | Atlassian Assets Discovery Data Center 6.2.0 improper authentication

CVE-2024-35302 | JetBrains TeamCity up to 2023.10 Restore from Backup cross site scripting

VDB-278247 | Backdoor.Win32.BlackAngel.13 Service Port 1850 backdoor

CVE-2024-4437 | Red Hat OpenStack Platform etcd Package resource consumption