High severity · NVD Advisory · Published Nov 18, 2024 · Updated Nov 18, 2024
PhpSpreadsheet XmlScanner bypass leads to XXE
CVE-2024-47873
Description
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
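The mechanism behind the bypass, as an added illustration (not PhpSpreadsheet's code): a DOCTYPE/ENTITY pre-scan that runs a regex over the raw bytes never matches UCS-4 or UTF-16 input, because every character is padded with NUL bytes, and trusting the declared encoding attribute is exactly the guessing the advisory describes. The hardened check below sniffs the encoding from the first bytes (XML 1.0, Appendix F), transcodes to UTF-8, and only then scans; it assumes PHP >= 7.4 with mbstring.

```php
<?php
// Added example, not PhpSpreadsheet's own XmlScanner. Shows why a byte-level
// regex misses NUL-padded encodings and how normalising to UTF-8 first fixes it.

function sniffXmlEncoding(string $xml): string
{
    // First-four-bytes patterns from XML 1.0, Appendix F ("<" and "<?" in each encoding).
    $fourByte = [
        "\x00\x00\xFE\xFF" => 'UCS-4BE',  // BOM
        "\xFF\xFE\x00\x00" => 'UCS-4LE',  // BOM
        "\x00\x00\x00\x3C" => 'UCS-4BE',  // "<" without BOM
        "\x3C\x00\x00\x00" => 'UCS-4LE',
        "\x00\x3C\x00\x3F" => 'UTF-16BE', // "<?" without BOM
        "\x3C\x00\x3F\x00" => 'UTF-16LE',
    ];
    $head = substr($xml, 0, 4);
    if (isset($fourByte[$head])) {
        return $fourByte[$head];
    }
    $bom = substr($xml, 0, 2);
    if ($bom === "\xFE\xFF") { return 'UTF-16BE'; }
    if ($bom === "\xFF\xFE") { return 'UTF-16LE'; }
    return 'UTF-8'; // UTF-8 (with or without BOM) or another ASCII-compatible encoding
}

// Naive check: the regex runs directly on the bytes as received.
function naiveHasDoctype(string $xml): bool
{
    return preg_match('/<!(DOCTYPE|ENTITY)/i', $xml) === 1;
}

// Hardened check: decide the encoding from the bytes, not from any declaration,
// transcode to UTF-8, then apply the same regex.
function hardenedHasDoctype(string $xml): bool
{
    $enc = sniffXmlEncoding($xml);
    if ($enc !== 'UTF-8') {
        $xml = mb_convert_encoding($xml, 'UTF-8', $enc);
    }
    return preg_match('/<!(DOCTYPE|ENTITY)/i', $xml) === 1;
}

// Constructed sample: a document with an internal DOCTYPE, once as UTF-8 and once as UCS-4BE.
$utf8 = '<?xml version="1.0"?><!DOCTYPE x [<!ENTITY e "constructed">]><x>&e;</x>';
$ucs4 = mb_convert_encoding($utf8, 'UCS-4BE', 'UTF-8');

foreach (['utf8' => $utf8, 'ucs4' => $ucs4] as $label => $doc) {
    printf("%s: naive=%s hardened=%s\n", $label,
        var_export(naiveHasDoctype($doc), true), var_export(hardenedHasDoctype($doc), true));
}
```

The UCS-4 sample is the case that matters: the naive scan reports no DOCTYPE while the hardened scan still flags it.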
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpoffice/phpspreadsheet (Packagist) | < 1.29.4 | 1.29.4 |
| phpoffice/phpspreadsheet (Packagist) | >= 2.0.0, < 2.1.3 | 2.1.3 |
| phpoffice/phpspreadsheet (Packagist) | >= 2.2.0, < 2.3.2 | 2.3.2 |
| phpoffice/phpspreadsheet (Packagist) | >= 3.3.0, < 3.4.0 | 3.4.0 |
| phpoffice/phpexcel (Packagist) | <= 1.8.2 | — |
Affected products
Version ranges from the GHSA coordinates (no CPE assigned):
- <= 1.8.2
- < 1.29.4
References
- https://github.com/advisories/GHSA-jw4x-v69f-hh5w (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2024-47873 (NVD advisory)
- https://github.com/PHPOffice/PhpSpreadsheet/blob/39fc51309181e82593b06e2fa8e45ef8333a0335/src/PhpSpreadsheet/Reader/Security/XmlScanner.php (XmlScanner source, MISC)
- https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5w (vendor advisory, CONFIRM)
- https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing (MISC)
- https://www.w3.org/TR/xml/ (MISC)