[HIGH] PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

PKSA-xk3k-rd1m-pxmg CVE-2024-45290 GHSA-5gpr-w2p5-6m37

Affected package: phpoffice/phpspreadsheet

Affected version: >=2.0.0,<2.1.1|<1.29.2|>=2.2.0,<2.3.0

Reported by:
GitHub