Project:
Date:
2024-October-23
Security risk:
Vulnerability:
Multiple vulnerabilities
CVE IDs:
CVE-2024-45048
CVE-2024-45293
CVE-2024-45292
CVE-2024-45291
CVE-2024-45290
CVE-2024-45060
CVE-2024-45048
CVE-2024-45046
CVE-2018-19277
Description:
This module provides serialization formats for use by other modules.
The module includes a version of phpoffice/phpspreadsheet which has multiple known security vulnerabilities.
Solution:
If you use the Loft Data Grids module for Drupal 7.x, install one of:
- Loft Data Grids 7.x-2.7 - which removes support for the XLSX format, as the patched version requires PHP 8.
- Loft Data Grids 7.x-3.0 - which includes XLSX support, by requiring PHP 8 and Composer installation. See the module's README-file for more information.
Reported By:
- Juraj Nemec of the Drupal Security Team
Fixed By:
Coordinated By:
- Greg Knaddison of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
- Ivo Van Geertruyen of the Drupal Security Team