[Security-news] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
security-news at drupal.org
security-news at drupal.org
Wed Oct 23 17:00:35 UTC 2024
View online: https://www.drupal.org/sa-contrib-2024-054
Project: Loft Data Grids [1]
Date: 2024-October-23
Security risk: *Moderately critical* 11 ∕ 25
AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Multiple vulnerabilities
Description:
This module provides serialization formats for use by other modules.
The module includes a version of phpoffice/phpspreadsheet which has multiple
known security vulnerabilities.
Solution:
If you use the Loft Data Grids module for Drupal 7.x, install one of:
* Loft Data Grids 7.x-2.7 [3] - which removes support for the XLSX format,
as the patched version requires PHP 8.
* Loft Data Grids 7.x-3.0 [4] - which includes XLSX support, by requiring
PHP 8 and Composer installation. See the module's README-file for more
information.
Reported By:
* Juraj Nemec [5] of the Drupal Security Team
Fixed By:
* Aaron Klump [6]
Coordinated By:
* Greg Knaddison [7]
* Juraj Nemec [8]
[1] https://www.drupal.org/project/loft_data_grids
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/loft_data_grids/releases/7.x-2.7
[4] https://www.drupal.org/project/loft_data_grids/releases/7.x-3.0
[5] https://www.drupal.org/user/272316
[6] https://www.drupal.org/user/142422
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/poker10
More information about the Security-news
mailing list