
GHSA-hq76-662x-7mw4: Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

Summary

Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which is affected by a recently identified security vulnerability (CVE-2024-45048). To mitigate this issue, it is recommended to update to the latest version, 2.2.2. For more details, refer to the official advisory: GHSA-ghg6-32f9-2jp7.


High severity • GitHub Reviewed • Published Sep 3, 2024 in pimcore/pimcore • Updated Sep 3, 2024

Package

pimcore/admin-ui-classic-bundle (Composer)

Affected versions

< 1.3.11

>= 1.4.0, < 1.4.7

>= 1.5.0, < 1.5.4

Patched versions

1.3.11

1.4.7

1.5.4

pimcore/data-importer (Composer)

< 1.8.9

>= 1.9.0, < 1.9.3

>= 10.6.9.0, < 10.6.9.12

>= 11.1.0.0, < 11.1.6.11

References

  • GHSA-hq76-662x-7mw4
  • GHSA-ghg6-32f9-2jp7

Published to the GitHub Advisory Database

Sep 3, 2024
