Platform
php
Component
phpoffice/phpspreadsheet
Fixed in
1.29.3
2.0.1
2.2.1
2.3.0
CVE-2024-45290 describes a Path Traversal vulnerability discovered in phpoffice/phpspreadsheet. This flaw allows attackers to potentially leak sensitive information by crafting malicious XLSX files that exploit how PhpSpreadsheet handles external URLs within images. The vulnerability impacts versions of PhpSpreadsheet up to and including 2.2.2, and a fix is available in version 2.3.0.
An attacker can leverage this vulnerability to read arbitrary files on the server hosting the PhpSpreadsheet application. By crafting a malicious XLSX file containing a specially crafted URL using the php://filter protocol, the attacker can trick PhpSpreadsheet into retrieving and potentially exposing the contents of any file accessible to the web server. This could include sensitive configuration files, database credentials, or even source code. The blast radius extends to any system processing these malicious XLSX files, potentially leading to widespread data breaches and system compromise. This differs from a previously disclosed vulnerability (GHSA-w9xv-qf98-ccq4) and resides in a different component.
This vulnerability was publicly disclosed on 2024-10-07. No known public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on CISA KEV. The CVSS score of 7.7 indicates a High severity rating, suggesting a reasonable likelihood of exploitation if left unaddressed.
Applications utilizing PhpSpreadsheet versions 2.2.2 or earlier are at risk. This includes web applications, data processing scripts, and any system that processes XLSX files using this library. Shared hosting environments where users can upload files are particularly vulnerable, as malicious XLSX files could be uploaded and processed by other users' applications.
• php: Check the installed PhpSpreadsheet version with `composer show phpoffice/phpspreadsheet` (or inspect `composer.lock`) and confirm it is not ≤2.2.2; `php -m` only lists PHP extensions, not Composer packages.
• web server: Monitor access logs for requests containing php://filter and unusual file paths. Look for patterns like php://filter/convert.resource://....
• generic web: Use curl to test for file exposure by crafting a malicious XLSX file and attempting to open it through the application. Analyze the response for unexpected file content.
disclosure
Exploit status
EPSS
0.30% (54th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to PhpSpreadsheet version 2.3.0 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict the ability of PhpSpreadsheet to access external URLs by configuring your web server to block requests to php://filter. Implement strict input validation on all XLSX files processed by PhpSpreadsheet, rejecting files with suspicious URL patterns. Monitor web server access logs for requests containing php://filter and unusual file paths.
Update the PhpSpreadsheet library to version 1.29.2, 2.1.1 or 2.3.0, or to a later version. This fixes the path traversal and Server-Side Request Forgery vulnerability triggered when opening XLSX files. You can update the library with Composer by running `composer update phpoffice/phpspreadsheet`.
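The "strict input validation" workaround above can be made concrete by screening an XLSX before PhpSpreadsheet ever opens it. The following is an added example written for this page, not code from the PhpSpreadsheet project: it treats the XLSX as the ZIP container it is, reads the drawing relationship parts (`xl/drawings/_rels/*.rels`, where image references live in the OOXML package), and flags any external image target whose scheme is not plain http/https, which covers the `php://` wrapper named in the advisory. The sample workbook fragment, the `secret.conf` path and the function name `findSuspiciousImageTargets` are constructed for illustration.

```php
<?php
// Added example, not PhpSpreadsheet project code: pre-screen an uploaded XLSX
// before handing it to PhpSpreadsheet and reject image relationships whose
// external target uses anything other than http/https (e.g. php:// wrappers).
declare(strict_types=1);

/**
 * Scan the drawing relationship parts (xl/drawings/_rels/*.rels) inside an
 * XLSX container and return every external image target that is not a plain
 * http/https URL, as [partName, target] pairs. An empty array means clean.
 */
function findSuspiciousImageTargets(string $xlsxPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($xlsxPath) !== true) {
        throw new RuntimeException("Cannot open {$xlsxPath} as a ZIP container");
    }

    $flagged = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $part = $zip->getNameIndex($i);
        if (!preg_match('#^xl/drawings/_rels/[^/]+\.rels$#', $part)) {
            continue; // only drawing relationship parts reference images
        }
        $xml = $zip->getFromIndex($i);
        if ($xml === false) {
            continue;
        }

        // Parse untrusted XML with network access disabled (no external DTDs).
        $doc = new DOMDocument();
        $prevErrors = libxml_use_internal_errors(true);
        $loaded = $doc->loadXML($xml, LIBXML_NONET);
        libxml_use_internal_errors($prevErrors);
        if (!$loaded) {
            $flagged[] = [$part, '<unparseable relationship XML>'];
            continue;
        }

        foreach ($doc->getElementsByTagName('Relationship') as $rel) {
            if ($rel->getAttribute('TargetMode') !== 'External') {
                continue; // internal targets are zip members, not URLs
            }
            $target = $rel->getAttribute('Target');
            $scheme = strtolower((string) parse_url($target, PHP_URL_SCHEME));
            // Anything but http/https (php://, file://, data:, no scheme) is rejected.
            if (!in_array($scheme, ['http', 'https'], true)) {
                $flagged[] = [$part, $target];
            }
        }
    }
    $zip->close();

    return $flagged;
}

// --- Constructed sample: a minimal ZIP that mimics the relevant part of an
// XLSX. One image target is a normal HTTPS URL, the other uses a php://
// wrapper with a placeholder path. Not a real workbook from the advisory.
$relsXml = <<<'XML'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="https://example.com/logo.png" TargetMode="External"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="php://filter/resource=/path/to/secret.conf" TargetMode="External"/>
</Relationships>
XML;

$samplePath = tempnam(sys_get_temp_dir(), 'xlsx');
$writer = new ZipArchive();
$writer->open($samplePath, ZipArchive::OVERWRITE);
$writer->addFromString('xl/drawings/_rels/drawing1.xml.rels', $relsXml);
$writer->close();

$hits = findSuspiciousImageTargets($samplePath);
unlink($samplePath);

foreach ($hits as [$part, $target]) {
    printf("REJECT %s -> %s\n", $part, $target);
}
// In an upload handler: only call IOFactory::load() when $hits is empty.
exit($hits === [] ? 0 : 1);
```

Run the check in the upload handler before `IOFactory::load()` and discard the file when the returned array is non-empty; on the constructed sample it reports the `php://filter` relationship and exits non-zero while leaving the HTTPS target alone. It is a pre-filter for the window before the upgrade lands, not a substitute for moving to a fixed release, since it only inspects drawing relationships and cannot cover other ways the library may be taught to fetch a URL.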
CVE-2024-45290 is a Path Traversal vulnerability in PhpSpreadsheet versions up to 2.2.2, allowing attackers to potentially leak file contents via malicious XLSX files.
You are affected if you are using PhpSpreadsheet versions 2.2.2 or earlier. Upgrade to 2.3.0 or later to mitigate the risk.
Upgrade to PhpSpreadsheet version 2.3.0 or later. As a temporary workaround, restrict access to php://filter URLs or implement strict input validation.
No active exploitation has been reported at this time, but the High severity rating indicates a potential risk.
Refer to the official advisory on the PhpSpreadsheet GitHub repository: https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4