CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

CVE-2025-54370

CVE-2025-54370 affects PhpSpreadsheet. The SSRF vulnerability resides in PhpOffice\PhpSpreadsheet\Worksheet\Drawing::setPath, where a user-supplied string read by the HTML reader can cause server-side requests. Affected versions include prior to 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0; patches a...

CVE-2024-35474

A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt...

Absolute Path Traversal

Overview Affected versions of this package are vulnerable to Absolute Path Traversal via the setPath method. An attacker can access or leak sensitive information by constructing a malicious XLSX file that manipulates the path to external or internal resources, exploiting the file reading mechanis...

Absolute Path Traversal

Overview phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP . Affected versions of this package are vulnerable to Absolute Path Traversal via the setPath method. An attacker can access or leak sensitive information by constructing a malicious...

CVE-2024-35474

A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote attacker to disclose files on the server, via setPath in ResourcePackFileServer.kt...

ResourcePack Server Security Vulnerability

ResourcePack Server is a small server hosting server resource pack by Brian Duan, an individual developer in China. A security vulnerability exists in iceice666 ResourcePack Server versions prior to v1.0.8, which stems from a vulnerability that allows remote attackers to disclose files on the...

PT-2024-40735 · Git +1 · Jq

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as jv array set, jv set, and jv setpath. No information is available about the estimated number of...

PT-2022-37313 · Git +1 · Skia

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the SkPath::Iter::next function, SkRegion::setPath...

Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

GHSA-H6PR-C536-6RJG Prototype Pollution in object-path-set

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVE-2021-23507

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

Design/Logic Flaw

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

CVE-2021-23507 Prototype Pollution

The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908...

GHSA-WXGW-QJ99-44C2 Prototype Pollution in node-forge util.setPath API

Impact forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself. Patches The forge.util.setPath API and related functions were removed in 0.10.0. Workarounds Don't call forge.util.setPath directly or indirectly with untruste...

The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Center involves uncontrolled changes to prototype attributes of objects. This allows attackers to execute a “prototype pollution” attack.

The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Software is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...

GHSA-J4RW-X3VG-C8R7 Prototype Pollution in node-oojs

All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function...

Prototype Pollution in node-oojs

All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function...

Prototype Pollution

node-oojs is vulnerable to prototype pollution. The vulnerability exists as the setPath function does not restrict proto headers to be set in objects...