PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ‚<!ENTITY‘ and thus allowing for an xml external entity processing (XXE) attack.
Metrics
Affected Vendors & Products
References
History
Wed, 04 Sep 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Phpoffice
Phpoffice phpspreadsheet |
|
CPEs | cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:* | |
Vendors & Products |
Phpspreadsheet Project
Phpspreadsheet Project phpspreadsheet |
Phpoffice
Phpoffice phpspreadsheet |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-07T14:03:43
Updated: 2024-08-04T23:17:39.846Z
Reserved: 2019-05-27T00:00:00
Link: CVE-2019-12331
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-07T15:15:10.697
Modified: 2024-11-21T04:22:37.817
Link: CVE-2019-12331
Redhat
No data.