CVE-2023-29887: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

April 18, 2023 (updated April 27, 2023)

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.

References

nvd.nist.gov/vuln/detail/CVE-2023-29887
research.hisolutions.com/2023/01/arbitrary-file-read-vulnerability-php-library-nuovo-spreadsheet-reader-0-5-11/

Detect and mitigate CVE-2023-29887 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →