Количество 3
Количество 3
CVE-2025-54370
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0.
GHSA-rx7m-68vc-ppxh
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
BDU:2025-11115
Уязвимость функции setPath() PHP-библиотеки PhpSpreadsheet, позволяющая нарушителю осуществить SSRF-атаку
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-54370 PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0. | 0% Низкий | 6 месяцев назад | |
| GHSA-rx7m-68vc-ppxh PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser | 0% Низкий | 6 месяцев назад | |
 | BDU:2025-11115 Уязвимость функции setPath() PHP-библиотеки PhpSpreadsheet, позволяющая нарушителю осуществить SSRF-атаку | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу