High severity · NVD Advisory · Published Nov 18, 2024 · Updated Nov 18, 2024
PhpSpreadsheet XmlScanner bypass leads to XXE
CVE-2024-47873
Description
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
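The weakness the description names (a DOCTYPE regex that only ever sees raw bytes, while the XML parser autodetects the document encoding) and the normalisation step that closes it, as an added PHP illustration; this is not PhpSpreadsheet's code nor its actual patch, it assumes PHP 8 with the mbstring extension, and the function names are invented for this sketch.

```php
<?php
// Added illustration, not PhpSpreadsheet's code: an ASCII DOCTYPE regex run on raw
// bytes misses wide-encoded input that an encoding-autodetecting parser still reads.

// Encoding from a BOM, or from the first bytes of "<?xml" (XML 1.0, Appendix F).
// 4-byte signatures precede 2-byte ones so FF FE 00 00 is not read as UTF-16LE.
function guessEncoding(string $xml): ?array
{
    $signatures = [
        "\x00\x00\xFE\xFF" => ['UTF-32BE', 4],
        "\xFF\xFE\x00\x00" => ['UTF-32LE', 4],
        "\xFE\xFF"         => ['UTF-16BE', 2],
        "\xFF\xFE"         => ['UTF-16LE', 2],
        "\xEF\xBB\xBF"     => ['UTF-8', 3],
        "\x00\x00\x00\x3C" => ['UTF-32BE', 0], // "<" with no BOM
        "\x3C\x00\x00\x00" => ['UTF-32LE', 0],
        "\x00\x3C\x00\x3F" => ['UTF-16BE', 0], // "<?" with no BOM
        "\x3C\x00\x3F\x00" => ['UTF-16LE', 0],
    ];
    foreach ($signatures as $sig => $info) {
        if (strncmp($xml, $sig, strlen($sig)) === 0) {
            return $info; // [encoding, BOM length to strip]
        }
    }
    return null; // no signature: treat as UTF-8/ASCII-compatible
}

// Transcode to UTF-8 (dropping any BOM) so every later check sees one encoding.
function normalizeToUtf8(string $xml): string
{
    $guess = guessEncoding($xml);
    if ($guess === null) { return $xml; }
    [$encoding, $bomLength] = $guess;
    return mb_convert_encoding(substr($xml, $bomLength), 'UTF-8', $encoding);
}

// Weak check (pattern meets raw bytes) beside the hardened check (normalise first).
function naiveHasDoctype(string $xml): bool
{
    return preg_match('/<!DOCTYPE/i', $xml) === 1;
}
function hardenedHasDoctype(string $xml): bool
{
    return preg_match('/<!DOCTYPE/i', normalizeToUtf8($xml)) === 1;
}

// Constructed sample: a harmless internal entity, re-encoded as UTF-32LE (UCS-4).
$plain = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>';
$wide  = mb_convert_encoding($plain, 'UTF-32LE', 'UTF-8');
var_dump(naiveHasDoctype($wide), hardenedHasDoctype($wide));
```

Normalisation only makes the pre-filter honest; the parser that consumes the document should still have external entity loading disabled regardless of what the regex reports.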
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpoffice/phpspreadsheet (Packagist) | < 1.29.4 | 1.29.4 |
| phpoffice/phpspreadsheet (Packagist) | >= 2.0.0, < 2.1.3 | 2.1.3 |
| phpoffice/phpspreadsheet (Packagist) | >= 2.2.0, < 2.3.2 | 2.3.2 |
| phpoffice/phpspreadsheet (Packagist) | >= 3.3.0, < 3.4.0 | 3.4.0 |
| phpoffice/phpexcel (Packagist) | <= 1.8.2 | — |
Affected products (1)
- Range: < 1.29.4
References (6)
- github.com/advisories/GHSA-jw4x-v69f-hh5w (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-47873 (NVD advisory)
- github.com/PHPOffice/PhpSpreadsheet/blob/39fc51309181e82593b06e2fa8e45ef8333a0335/src/PhpSpreadsheet/Reader/Security/XmlScanner.php (XmlScanner.php source)
- github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-jw4x-v69f-hh5w (vendor advisory)
- owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing (OWASP: XML External Entity (XXE) Processing)
- www.w3.org/TR/xml/ (W3C XML 1.0 specification)