PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| phpoffice/phpspreadsheet(Packagist) | 0 | 1.30.0 | N/A |
| phpoffice/phpspreadsheet(Packagist) | 2.0.0 | 2.1.12 | N/A |
| phpoffice/phpspreadsheet(Packagist) | 2.2.0 | 2.4.0 | N/A |
| phpoffice/phpspreadsheet(Packagist) | 3.0.0 | 3.10.0 | N/A |
| phpoffice/phpspreadsheet(Packagist) | 4.0.0 | 5.0.0 | N/A |
CVSS Metrics
