phpoffice/phpspreadsheet upgrade due to CVE-2024-48917 and CVE-2024-47873 #66

@BKirev

Summary of problem or feature request

```
Found 2 security vulnerability advisories affecting 1 package.

Run "composer audit" for a full list of advisories.

xxxxx@xxxx:/var/www/xxxx/xxxx/# composer audit

Found 2 security vulnerability advisories affecting 1 package:

+-------------------+----------------------------------------------------------------------------------+
| Package | phpoffice/phpspreadsheet |
| Severity | high |
| CVE | CVE-2024-48917 |
| Title | XXE in PHPSpreadsheet's XLSX reader |
| URL | GHSA-7cc9-j4mv-vcjp |
| Affected versions | >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4 |
| Reported at | 2024-11-18T20:01:46+00:00 |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package | phpoffice/phpspreadsheet |
| Severity | high |
| CVE | CVE-2024-47873 |
| Title | XmlScanner bypass leads to XXE |
| URL | GHSA-jw4x-v69f-hh5w |
| Affected versions | >=3.3.0,<3.4.0|>=2.2.0,<2.3.2|>=2.0.0,<2.1.3|<1.29.4 |
| Reported at | 2024-11-18T20:01:20+00:00 |
+-------------------+----------------------------------------------------------------------------------+
```

Code snippet of problem

composer "insert anything here"

System details

  • Operating System: Ubuntu 22.04.1 LTS
  • PHP Version: 8.3.12
  • Laravel Version: 11.33.2
  • Laravel-DataTables Version: 11
