npm package
xlsx
pkg:npm/xlsx
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-22363 | High | 7.5 | | >= 0 | — | Apr 5, 2024 | SheetJS Community Edition before 0.20.2 is vulnerable to Regular Expression Denial of Service (ReDoS). |
| CVE-2023-30533 | | — | | >= 0 | — | Apr 24, 2023 | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected. |
| CVE-2021-32014 | | — | | < 0.17.0 | 0.17.0 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. |
| CVE-2021-32013 | | — | | < 0.17.0 | 0.17.0 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). |
| CVE-2021-32012 | | — | | < 0.17.0 | 0.17.0 | Jul 19, 2021 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). |