Headline
GHSA-hq76-662x-7mw4: Pimcore includes vulnerable PHPOffice/PhpSpreadsheet
Summary
Pimcore 10.6.x and Enterprise 10.6.x currently depend on PHPOffice/PhpSpreadsheet version 1.x, which is affected by a security vulnerability (CVE-2024-45048). To mitigate this issue, update to the latest version, 2.2.2. For more details, refer to the official advisory: GHSA-ghg6-32f9-2jp7.
High severity • GitHub Reviewed • Published Sep 3, 2024 in pimcore/pimcore • Updated Sep 3, 2024
Package
pimcore/admin-ui-classic-bundle (Composer)
Affected versions
< 1.3.11
>= 1.4.0, < 1.4.7
>= 1.5.0, < 1.5.4
Patched versions
1.3.11
1.4.7
1.5.4
pimcore/data-importer (Composer)
< 1.8.9
>= 1.9.0, < 1.9.3
>= 10.6.9.0, < 10.6.9.12
>= 11.1.0.0, < 11.1.6.11
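An added example (not part of the advisory or of Pimcore's code): a check of a project's composer.lock against the pimcore/admin-ui-classic-bundle affected ranges listed above and the PhpSpreadsheet 2.2.2 recommendation from the summary. The function names and the sample lock content are constructed for illustration, and the other package ranges on this page are not covered.

```python
import json

# Affected ranges copied from this advisory for pimcore/admin-ui-classic-bundle:
# (inclusive lower bound or None, exclusive upper bound = patched version).
AFFECTED = {
    "pimcore/admin-ui-classic-bundle": [
        (None, "1.3.11"), ("1.4.0", "1.4.7"), ("1.5.0", "1.5.4"),
    ],
}
RECOMMENDED = "2.2.2"  # PhpSpreadsheet version the summary says to update to

def parse(version):
    """'v1.4.6' -> (1, 4, 6, 0); None for dev branches or pre-release tags."""
    parts = version.lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts][:4]
    return tuple(nums + [0] * (4 - len(nums)))

def is_affected(name, version):
    """True/False against AFFECTED; None when the version cannot be compared."""
    v = parse(version)
    if v is None:
        return None
    return any((lo is None or parse(lo) <= v) and v < parse(hi)
               for lo, hi in AFFECTED.get(name, []))

def audit_lock(lock_text):
    """Return (package, version, verdict) findings for a composer.lock string."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        name, version = pkg["name"].lower(), pkg["version"]
        if name in AFFECTED:
            verdict = {True: "affected", False: None,
                       None: "review manually"}[is_affected(name, version)]
        elif name == "phpoffice/phpspreadsheet":
            v = parse(version)
            verdict = ("review manually" if v is None
                       else "below 2.2.2" if v < parse(RECOMMENDED) else None)
        else:
            continue
        if verdict:
            findings.append((name, version, verdict))
    return findings

SAMPLE_LOCK = json.dumps({"packages": [  # constructed, not from a real project
    {"name": "pimcore/admin-ui-classic-bundle", "version": "v1.4.6"},
    {"name": "phpoffice/phpspreadsheet", "version": "1.29.0"},
    {"name": "example/unrelated", "version": "3.0.0"}]})
```

Versions that are branch aliases or pre-release tags are reported as "review manually" instead of being guessed at.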
References
- GHSA-hq76-662x-7mw4
- GHSA-ghg6-32f9-2jp7
Published to the GitHub Advisory Database: Sep 3, 2024