CVE-2024-45290
Published 2024-10-07. CVE-2024-45290: PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from…
Priority: P346 | Severity: high | CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.58% (43.3rd percentile)
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information from arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | loft_data_grids | — | — |
| phpoffice | phpexcel | 0 – 1.8.2 | — |
| phpoffice | phpspreadsheet | < 1.29.2 | 1.29.2 |
| phpoffice | phpspreadsheet | — | — |
| phpoffice | phpspreadsheet | — | — |
| phpoffice | phpspreadsheet | >= 0 < 1.29.2 | 1.29.2 |
| phpoffice | phpspreadsheet | >= 2.0.0 < 2.1.1 | 2.1.1 |
| phpoffice | phpspreadsheet | >= 2.0.0 < 2.1.1 | 2.1.1 |
| phpoffice | phpspreadsheet | >= 2.2.0 < 2.3.0 | 2.3.0 |
| phpoffice | phpspreadsheet | >= 2.2.0 < 2.3.0 | 2.3.0 |
Drupal
Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
vendor_drupal·2024-10-23
CVE-2024-45048 [MEDIUM] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
Title: Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
Vulnerability Type: Multiple vulnerabilities
Description: This module provides serialization formats for use by other modules. The module includes a version of phpoffice/phpspreadsheet which has multiple known security vulnerabilities.
Solution: If you use the Loft Data Grids module for Drupal 7.x, install one of:
- Loft Data Grids 7.x-2.7, which removes support for the XLSX format, as the patched version requires PHP 8.
- Loft Data Grids 7.x-3.0, which includes XLSX support by requiring PHP 8 and Composer installation.
See the module's README file for more information.
OSV
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
osv·2024-10-07
CVE-2024-45290 [HIGH] PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
### Summary
It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL.
Note that this vulnerability is different from [GHSA-w9xv-qf98-ccq4](https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4), and resides in a different component.
### Details
When an XLSX file is opened, the XLSX reader calls `setPath()` with the path provided in the `xl/drawings/_rels/drawing1.xml.rels` file in the X
GHSA
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
ghsa·2024-10-07
CVE-2024-45290 [HIGH] CWE-36 PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
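The advisory's Details section explains that the XLSX reader takes the image path straight from the drawing relationship part (`xl/drawings/_rels/drawing1.xml.rels`) and, when that path is a URL or stream wrapper, reads it to determine the image size and type. A deployment that cannot upgrade immediately can at least refuse such files before they ever reach the reader. The following is an added, defender-side pre-load check written for this page; it is not code from PhpSpreadsheet or from the advisory. It assumes only the standard OOXML relationship markup (`Relationship` elements with `Id`, `Type`, `Target` and optional `TargetMode` attributes) and generalizes beyond `drawing1.xml.rels` to every `.rels` part in the package, flagging any image relationship whose target is a URL or scheme-prefixed stream wrapper, an absolute filesystem path, marked `TargetMode="External"`, or a relative path that climbs above the package root. Hyperlink relationships, which legitimately use `TargetMode="External"`, are left alone. The sample workbook fragment built by `build_sample_xlsx()` is constructed for the demonstration and is not a complete, valid spreadsheet.

```python
"""Pre-load scan of XLSX relationship parts for image targets that point outside the package.

Added example for this page, not PhpSpreadsheet code. Image relationships must resolve to a
part inside the zip container; anything else (URL, php:// wrapper, absolute path, traversal
above the package root) is reported so the file can be rejected before a reader opens it.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

IMAGE_REL_SUFFIX = "/relationships/image"          # OOXML image relationship Type
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.\-]*:")  # "php:", "http:", "file:", "data:" ...
WIN_DRIVE_RE = re.compile(r"^[a-zA-Z]:[\\/]")          # "C:\..." or "C:/..."


def classify_target(target, target_mode, part_name):
    """Return a short reason if an image target is unsafe, or None if it stays in-package."""
    if (target_mode or "").lower() == "external":
        return "TargetMode=External"
    if target.startswith("/") or WIN_DRIVE_RE.match(target):
        return "absolute filesystem path"
    if SCHEME_RE.match(target):
        return "url or stream-wrapper scheme"
    # A relative Target resolves against the directory owning the _rels folder,
    # e.g. xl/drawings/_rels/drawing1.xml.rels -> xl/drawings/ (depth 2).
    base = part_name.rsplit("_rels/", 1)[0].strip("/")
    depth = len([p for p in base.split("/") if p])
    for seg in target.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return "relative path escapes package root"
        elif seg not in ("", "."):
            depth += 1
    return None


def scan_xlsx(data):
    """Return [(part_name, rel_id, target, reason)] for every unsafe image relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter():
                # Tags carry the relationships namespace; match on the local name.
                if not rel.tag.endswith("Relationship"):
                    continue
                if not rel.get("Type", "").endswith(IMAGE_REL_SUFFIX):
                    continue
                target = rel.get("Target", "")
                reason = classify_target(target, rel.get("TargetMode"), name)
                if reason:
                    findings.append((name, rel.get("Id"), target, reason))
    return findings


# Constructed sample parts (hypothetical targets, not real hosts or files).
_IMG = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
_LINK = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

DRAWING_RELS = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{_NS}">
  <Relationship Id="rId1" Type="{_IMG}" Target="../media/image1.png"/>
  <Relationship Id="rId2" Type="{_IMG}" Target="https://example.invalid/logo.png" TargetMode="External"/>
  <Relationship Id="rId3" Type="{_IMG}" Target="php://memory"/>
  <Relationship Id="rId4" Type="{_IMG}" Target="/var/www/app/config.php"/>
  <Relationship Id="rId5" Type="{_IMG}" Target="../../../outside.png"/>
</Relationships>"""

SHEET_RELS = f"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{_NS}">
  <Relationship Id="rId1" Type="{_LINK}" Target="https://example.invalid/" TargetMode="External"/>
</Relationships>"""


def build_sample_xlsx():
    """Build a minimal zip holding only the two constructed .rels parts (not a full workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/drawings/_rels/drawing1.xml.rels", DRAWING_RELS)
        zf.writestr("xl/worksheets/_rels/sheet1.xml.rels", SHEET_RELS)
    return buf.getvalue()


if __name__ == "__main__":
    for part, rid, target, reason in scan_xlsx(build_sample_xlsx()):
        print(f"{part}: {rid} -> {target!r}: {reason}")
```

Only `rId1` (an in-package `../media/` part) passes; the external URL, the `php://` wrapper, the absolute path and the traversal are each reported with a reason, while the worksheet hyperlink is ignored because its Type is not an image relationship. Running this on uploads before handing them to the reader turns a silent server-side read into a logged rejection, which is also a useful signal to alert on.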
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-10-07