CVE-2024-47873
Last modified
CVE-2024-47873 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phpoffice | Phpspreadsheet | < 1.29.4 |
| Phpoffice | Phpspreadsheet | >= 2.0.0, < 2.1.3 |
| Phpoffice | Phpspreadsheet | >= 2.2.0, < 2.3.2 |
| Phpoffice | Phpspreadsheet | >= 3.3.0, < 3.4.0 |
References
- https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5wExploit, Vendor Advisory
- https://www.w3.org/TR/xml/#sec-guessing-no-ext-infoTechnical Description
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-47873?
How severe is CVE-2024-47873?
How do I fix CVE-2024-47873?
Are you affected by CVE-2024-47873?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST