GHSA-hq76-662x-7mw4 – pimcore/data-importer

Package

Manager: composer
Name: pimcore/data-importer
Vulnerable Version: >=0 <1.8.9 || >=1.9.0 <1.9.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Pimcore includes vulnerable PHPOffice/PhpSpreadsheet ### Summary Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability (CVE-2024-45048). To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, please refer to the official advisory: [GHSA-ghg6-32f9-2jp7](https://github.com/advisories/GHSA-ghg6-32f9-2jp7).

Metadata

Created: 2024-09-03T19:45:26Z
Modified: 2024-09-03T19:45:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-hq76-662x-7mw4/GHSA-hq76-662x-7mw4.json
CWE IDs: []
Alternative ID: N/A
Finding: F410
Auto approve: 1