Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [Security-news] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [Security-news] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054
  • Date: Wed, 23 Oct 2024 17:00:35 +0000 (UTC)
  • Authentication-results: lists.piratenpartei.de; dkim=pass header.d=drupal.org header.s=default header.b=Ku9yaY9w; spf=pass (lists.piratenpartei.de: domain of security-news-bounces AT drupal.org designates 2605:bc80:3010::133 as permitted sender) smtp.mailfrom=security-news-bounces AT drupal.org; dmarc=pass (policy=none) header.from=drupal.org
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 497C0416EA
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 6260C406DE
  • List-archive: <http://lists.drupal.org/pipermail/security-news/>
  • List-id: <security-news.drupal.org>
View online: https://www.drupal.org/sa-contrib-2024-054

Project: Loft Data Grids [1]
Date: 2024-October-23
Security risk: *Moderately critical* 11 ∕ 25
AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Multiple vulnerabilities

Description: 
This module provides serialization formats for use by other modules.

The module includes a version of phpoffice/phpspreadsheet which has multiple
known security vulnerabilities.

Solution: 
If you use the Loft Data Grids module for Drupal 7.x, install one of:

* Loft Data Grids 7.x-2.7 [3] - which removes support for the XLSX format,
as the patched version requires PHP 8.
* Loft Data Grids 7.x-3.0 [4] - which includes XLSX support, by requiring
PHP 8 and Composer installation. See the module's README-file for more
information.

Reported By: 
* Juraj Nemec [5] of the Drupal Security Team

Fixed By: 
* Aaron Klump [6]

Coordinated By: 
* Greg Knaddison [7]
* Juraj Nemec [8]


[1] https://www.drupal.org/project/loft_data_grids
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/loft_data_grids/releases/7.x-2.7
[4] https://www.drupal.org/project/loft_data_grids/releases/7.x-3.0
[5] https://www.drupal.org/user/272316
[6] https://www.drupal.org/user/142422
[7] https://www.drupal.org/u/greggles
[8] https://www.drupal.org/u/poker10

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

  • [IT-SecNots] [Security-news] Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054, security-news, 23.10.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang