CVE-2023-30533
https://notcve.org/view.php?id=CVE-2023-30533
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected. • https://github.com/BenEdridge/CVE-2023-30533 https://cdn.sheetjs.com/advisories/CVE-2023-30533 https://git.sheetjs.com/sheetjs/sheetjs/issues/2986 https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2021-32014
https://notcve.org/view.php?id=CVE-2021-32014
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. SheetJS y SheetJS Pro hasta la versión 0.16.9 permiten a los atacantes provocar una denegación de servicio (consumo de CPU) a través de un documento .xlsx manipulado incorrectamente cuando es leído por xlsx.js • https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely https://sheetjs.com/pro https://www.npmjs.com/package/xlsx/v/0.17.0 https://www.oracle.com/security-alerts/cpujan2022.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-32013
https://notcve.org/view.php?id=CVE-2021-32013
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). SheetJS y SheetJS Pro hasta la versión 0.16.9 permiten a los atacantes provocar una denegación de servicio (consumo de memoria) a través de un documento .xlsx manipulado incorrectamente al ser leído por xlsx.js (problema 2 de 2) • https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely https://sheetjs.com/pro https://www.npmjs.com/package/xlsx/v/0.17.0 https://www.oracle.com/security-alerts/cpujan2022.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2021-32012
https://notcve.org/view.php?id=CVE-2021-32012
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). SheetJS y SheetJS Pro hasta la versión 0.16.9 permiten a los atacantes provocar una denegación de servicio (consumo de memoria) a través de un documento .xlsx manipulado incorrectamente al ser leído por xlsx.js (problema 1 de 2) • https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely https://sheetjs.com/pro https://www.npmjs.com/package/xlsx/v/0.17.0 https://www.oracle.com/security-alerts/cpujan2022.html • CWE-400: Uncontrolled Resource Consumption •