Lucene search
K

4 matches found

NVD
NVD
added 2019/11/07 3:15 p.m.31 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS8.7AI score0.0135EPSS
Exploits1References2
CVE
CVE
added 2019/11/07 2:3 p.m.83 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 contains an XXE flaw in the XML handling of sheet1.xml. The XmlScanner decodes sheet1.xml to UTF-8 when a non-UTF-8 encoding is declared, and an attacker can double-encode payloads in UTF-7 to bypass the string check for , enabling XML External Entity (XXE) p...

8.8CVSS8.4AI score0.0135EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/11/07 2:3 p.m.27 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.6AI score0.0135EPSS
Exploits1References2
Friends Of PHP
Friends Of PHP
added 2019/07/01 12:55 p.m.41 views

XXE Vulnerability

This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...

8.8CVSS8.7AI score0.0135EPSS
Exploits1Affected Software1
Rows per page
Query Builder