Server Side Request Forgery (SSRF)

phpoffice/phpspreadsheet is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the ability of an attacker to construct an XLSX file that links images from arbitrary paths, which allows for embedding those files as data: URLs and performing unauthorized HTTP GET requests...

Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

Summary Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability CVE-2024-45048. To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, pleas...