CVE-2018-19277 - OpenCVE

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpoffice	Phpspreadsheet

Configuration 1 [-]

cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/MewesK/TwigSpreadsheetBundle/issues/18
https://github.com/PHPOffice/PhpSpreadsheet/issues/771
https://www.bishopfox.com/news/2018/11/phpoffice-versions/
https://www.drupal.org/sa-contrib-2021-043

History

Wed, 04 Sep 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpoffice Phpoffice phpspreadsheet
CPEs	cpe:2.3:a:phpspreadsheet_project:phpspreadsheet::::::::	cpe:2.3:a:phpoffice:phpspreadsheet::::::::
Vendors & Products	Phpspreadsheet Project Phpspreadsheet Project phpspreadsheet	Phpoffice Phpoffice phpspreadsheet

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-11-14T11:00:00

Updated: 2024-08-05T11:30:04.281Z

Reserved: 2018-11-14T00:00:00

Link: CVE-2018-19277

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-11-14T11:29:07.920

Modified: 2024-09-04T17:45:31.283

Link: CVE-2018-19277

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-13T18:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771"}, {"tags": ["x_refsource_MISC"], "url": "https://www.bishopfox.com/news/2018/11/phpoffice-versions/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18"}, {"tags": ["x_refsource_MISC"], "url": "https://www.drupal.org/sa-contrib-2021-043"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19277", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771", "refsource": "MISC", "url": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771"}, {"name": "https://www.bishopfox.com/news/2018/11/phpoffice-versions/", "refsource": "MISC", "url": "https://www.bishopfox.com/news/2018/11/phpoffice-versions/"}, {"name": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18", "refsource": "MISC", "url": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18"}, {"name": "https://www.drupal.org/sa-contrib-2021-043", "refsource": "MISC", "url": "https://www.drupal.org/sa-contrib-2021-043"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:30:04.281Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bishopfox.com/news/2018/11/phpoffice-versions/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.drupal.org/sa-contrib-2021-043"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19277", "datePublished": "2018-11-14T11:00:00", "dateReserved": "2018-11-14T00:00:00", "dateUpdated": "2024-08-05T11:30:04.281Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9D0EE7B-0573-4A6F-B2B9-1AACD41680A3", "versionEndIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file"}, {"lang": "es", "value": "securityScan() en PHPOffice PhpSpreadsheet hasta la versi\u00f3n 1.5.0 permite la omisi\u00f3n de los mecanismos de protecci\u00f3n de XEE (XML External Entity) mediante el cifrado UTF-7 en un archivo .xlsx."}], "id": "CVE-2018-19277", "lastModified": "2024-09-04T17:45:31.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-11-14T11:29:07.920", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/MewesK/TwigSpreadsheetBundle/issues/18"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/PHPOffice/PhpSpreadsheet/issues/771"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.bishopfox.com/news/2018/11/phpoffice-versions/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.drupal.org/sa-contrib-2021-043"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-91"}], "source": "nvd@nist.gov", "type": "Primary"}]}