GHSA-4r6h-8v6p-xvw6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4r6h-8v6p-xvw6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-4r6h-8v6p-xvw6/GHSA-4r6h-8v6p-xvw6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4r6h-8v6p-xvw6
- Aliases
-
- CVE-2023-30533
- Published
- 2023-04-24T09:30:19Z
- Modified
- 2023-11-08T04:12:24.561734Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Prototype Pollution in sheetJS
- Details
-
All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.
A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package
xlsxare no longer maintained. - Database specific
{ "nvd_published_at": "2023-04-24T08:15:07Z", "cwe_ids": [ "CWE-1321" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-04-24T22:40:42Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-30533
- https://cdn.sheetjs.com/advisories/CVE-2023-30533
- https://git.sheetjs.com/sheetjs/sheetjs
- https://git.sheetjs.com/sheetjs/sheetjs/issues/2667
- https://git.sheetjs.com/sheetjs/sheetjs/issues/2986
- https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md
Affected packages
npm / xlsx
Package
- Name
- xlsx
- View open source insights on deps.dev
- Purl
- pkg:npm/xlsx