GHSA-4r6h-8v6p-xvw6

Source
https://github.com/advisories/GHSA-4r6h-8v6p-xvw6
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-4r6h-8v6p-xvw6/GHSA-4r6h-8v6p-xvw6.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4r6h-8v6p-xvw6
Aliases
  • CVE-2023-30533
Published
2023-04-24T09:30:19Z
Modified
2023-11-08T04:12:24.561734Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Prototype Pollution in SheetJS
Details

All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.

A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained.

Database specific
{
    "nvd_published_at": "2023-04-24T08:15:07Z",
    "cwe_ids": [
        "CWE-1321"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-24T22:40:42Z"
}
References

Affected packages

npm / xlsx

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.19.3