[HIGH] PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class

PKSA-jw5c-q9nd-tzj9 CVE-2024-56365 GHSA-jmpx-686v-c3wx

Affected package: phpoffice/phpspreadsheet

Affected version: >=2.2.0,<=2.3.4|>=2.0.0,<=2.1.5|<=1.29.6|>=3.0.0,<3.7.0

Reported by:
GitHub