Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PhpSpreadsheet XmlScanner bypass leads to XXE
Vulnerability Description
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
PhpSpreadsheet 代码问题漏洞
Vulnerability Description
PhpSpreadsheet是PHPOffice开源的一款用于读取和写入电子表格文件的PHP库。 PhpSpreadsheet存在代码问题漏洞,该漏洞源于攻击者可以绕过清理程序并实现XML外部实体攻击。
CVSS Information
N/A
Vulnerability Type
N/A