Lucene search

OpenJS FoundationFRIENDSOFPHP:PHPOFFICE:PHPSPREADSHEET:CVE-2019-12331

HistoryJul 01, 2019 - 12:55 p.m.

XXE Vulnerability

2019-07-0112:55:00

OpenJS Foundation

github.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

61.6%

JSON

This is: - [ ] a bugfix - [ ] a new feature - [X] security Checklist: Changes are covered by unit tests Code style is respected Commit message explains why the change is made (see https://github.com/erlang/otp/wiki/Writing-good-commit-messages) CHANGELOG.md contains a short summary of the change Documentation is updated as necessary Why this change is needed? Security fix for CVE-2019-12331

Affected configurations

Vulners

Node

phpofficephpspreadsheetRange<1.8.0

VendorProductVersionCPE
phpofficephpspreadsheet*cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpoffice	phpspreadsheet	*	cpe:2.3:a:phpoffice:phpspreadsheet::::::::

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

61.6%

JSON

Related for FRIENDSOFPHP:PHPOFFICE:PHPSPREADSHEET:CVE-2019-12331