[MEDIUM] PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

PKSA-7f9v-sb8k-krfb CVE-2024-45291 GHSA-w9xv-qf98-ccq4

Affected package: phpoffice/phpspreadsheet

Affected version: >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0

Reported by:
GitHub