GHSA-hq76-662x-7mw4: Pimcore includes vulnerable PHPOffice/PhpSpreadsheet

September 3, 2024

Pimcore 10.6.x and Enterprise 10.6.x versions currently depend on PHPOffice/PhpSpreadsheet version 1.x, which has recently been identified with a security vulnerability (CVE-2024-45048). To mitigate this issue, it is recommended to update to the latest version 2.2.2. For more details, please refer to the official advisory: GHSA-ghg6-32f9-2jp7.

References

github.com/advisories/GHSA-ghg6-32f9-2jp7
github.com/advisories/GHSA-hq76-662x-7mw4
github.com/pimcore/pimcore
github.com/pimcore/pimcore/security/advisories/GHSA-hq76-662x-7mw4

Code Behaviors & Features

Detect and mitigate GHSA-hq76-662x-7mw4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →