GHSA-28rm-rj57-qjpv

Source
https://github.com/advisories/GHSA-28rm-rj57-qjpv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-28rm-rj57-qjpv/GHSA-28rm-rj57-qjpv.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-28rm-rj57-qjpv
Aliases
  • CVE-2014-2054
Published
2022-05-17T04:42:46Z
Modified
2024-12-07T05:40:07.112823Z
Summary
PHPExcel vulnerable to XXE attacks through libxml
Details

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Database specific
{
    "nvd_published_at": "2014-06-04T14:55:00Z",
    "cwe_ids": [
        "CWE-611"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-25T14:11:44Z"
}
References

Affected packages

Packagist / phpoffice/phpexcel

Package

Name
phpoffice/phpexcel
Purl
pkg:composer/phpoffice/phpexcel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.0

Affected versions

1.*

1.7.9-rc1
1.7.9
1.8.0rc1
1.8.0rc2
1.8.0rc3
1.8.0rc4