SpartnerNL / Laravel-Excel

🚀 Supercharged Excel exports and imports in Laravel
https://laravel-excel.com
MIT License
12.24k stars 1.91k forks

[Bug]: PhpSpreadsheet Security Vulnerabilities #4195

Closed: peter-fliszar-markcon closed 2 weeks ago

peter-fliszar-markcon commented 2 weeks ago

Is the bug applicable and reproducible to the latest version of the package and hasn't it been reported before?

What version of Laravel Excel are you using?

3.1

What version of Laravel are you using?

10

What version of PHP are you using?

8.1

Describe your issue

XXE in PHPSpreadsheet encoding is returned https://github.com/advisories/GHSA-ghg6-32f9-2jp7

PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information https://github.com/advisories/GHSA-wgmf-q9vr-vww6

How can the issue be reproduced?

The issues are security issues; they have detailed descriptions at the links.

What should be the expected behaviour?

Upgrade the dependency to PHPSpreadsheet >2.2.2, which is secure.

szekeresa commented 2 weeks ago

Issue: https://github.com/SpartnerNL/Laravel-Excel/issues/4192

peter-fliszar-markcon commented 2 weeks ago

Issue: #4192

Thx