[MEDIUM] PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

PKSA-gn6r-3fbg-vpq7 CVE-2024-45291 GHSA-w9xv-qf98-ccq4

Affected package: phpoffice/phpexcel

Affected version: <=1.8.2

Reported by:
GitHub