Closed peter-fliszar-markcon closed 2 weeks ago
3.1
10
8.1
XXE in PHPSpreadsheet encoding is returned https://github.com/advisories/GHSA-ghg6-32f9-2jp7
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information https://github.com/advisories/GHSA-wgmf-q9vr-vww6
The issues are security issues, those have detailed description on the links.
Upgrade the dependency to >2.2.2 PHPSpreadsheet, which is secure
Issue: https://github.com/SpartnerNL/Laravel-Excel/issues/4192
Issue: #4192
Thx
Is the bug applicable and reproducable to the latest version of the package and hasn't it been reported before?
What version of Laravel Excel are you using?
3.1
What version of Laravel are you using?
10
What version of PHP are you using?
8.1
Describe your issue
XXE in PHPSpreadsheet encoding is returned https://github.com/advisories/GHSA-ghg6-32f9-2jp7
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information https://github.com/advisories/GHSA-wgmf-q9vr-vww6
How can the issue be reproduced?
The issues are security issues, those have detailed description on the links.
What should be the expected behaviour?
Upgrade the dependency to >2.2.2 PHPSpreadsheet, which is secure