GHSA-8vcr-vxm8-293m

Source

https://github.com/advisories/GHSA-8vcr-vxm8-293m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-8vcr-vxm8-293m/GHSA-8vcr-vxm8-293m.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8vcr-vxm8-293m

Aliases

CVE-2021-32013

Published

2021-07-22T19:48:13Z

Modified

2024-02-17T05:34:35.495962Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service in SheetsJS Pro

Details

SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2).

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "github_reviewed_at": "2021-07-19T21:41:18Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "nvd_published_at": "2021-07-19T14:15:00Z"
}

References

Affected packages

npm / xlsx

Package

Name: xlsx; View open source insights on deps.dev
Purl: pkg:npm/xlsx

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-8vcr-vxm8-293m/GHSA-8vcr-vxm8-293m.json"

Maven / org.webjars.npm:xlsx

Package

Name: org.webjars.npm:xlsx; View open source insights on deps.dev
Purl: pkg:maven/org.webjars.npm/xlsx

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.17.0

Affected versions

0.*

0.8.0

0.9.13

0.12.5

0.12.11

0.12.13

0.14.0

0.14.1

0.14.3

0.14.5

0.15.1

0.15.2

0.15.3

0.15.4

0.15.5

0.15.6

0.16.6

0.16.7

0.16.8

0.16.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-8vcr-vxm8-293m/GHSA-8vcr-vxm8-293m.json"