CVE-2024-45291: Absolute Path Traversal in PhpSpreadsheet

Severity: 8.8 HIGH (NVD); 6.3 (CNA)
EPSS: 0.9% (top 24.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; Latest update Oct 23

Description

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It is possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in the HTML writer with `$writer->setEmbedImages(true);`, those files will be included in the output as `data:` URLs, regardless of the file's type. URLs can also be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an att

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (Exploitability: 2.8 | Impact: 5.9)

Affected Packages (4 packages)

CVEListV5: phpoffice/phpspreadsheet < 1.29.2 (+2 more)
NVD: phpoffice/phpspreadsheet 2.0.0 to 2.1.1 (+2 more)
Packagist: phpoffice/phpspreadsheet 2.2.0 to 2.3.0 (+2 more)
Packagist: phpoffice/phpexcel 1.8.2

Vulnerability Details (3)

GHSA: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled (2024-10-07)
OSV: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled (2024-10-07)
CVEList: Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet (2024-10-07)

Vendor Advisories (1)

Drupal: Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054 (2024-10-23)