Lucene search

GoogleOSV:GHSA-HQ76-662X-7MW4

HistorySep 03, 2024 - 7:45 p.m.

Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

2024-09-0319:45:26

Google

osv.dev

pimcore

enterprise

phpoffice/phpspreadsheet

cve-2024-45048

update

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

36.5%

JSON

Summary

Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability (CVE-2024-45048). To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, please refer to the official advisory: GHSA-ghg6-32f9-2jp7.

References

github.com/advisories/GHSA-ghg6-32f9-2jp7

github.com/pimcore/pimcore

github.com/pimcore/pimcore/security/advisories/GHSA-hq76-662x-7mw4

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

36.5%

JSON

Related for OSV:GHSA-HQ76-662X-7MW4