GHSA-4r6h-8v6p-xvw6

Source
https://github.com/advisories/GHSA-4r6h-8v6p-xvw6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-4r6h-8v6p-xvw6/GHSA-4r6h-8v6p-xvw6.json
Aliases
  • CVE-2023-30533
Published
2023-04-24T09:30:19Z
Modified
2023-11-08T04:12:24.561734Z
Details

All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.

A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained.

Affected packages

npm / xlsx

Package

Name
xlsx

Affected ranges

Type
SEMVER
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
0.19.3