CVE-2023-30533

ADVISORY - github

Summary

All versions of SheetJS CE through 0.19.2 are vulnerable to "Prototype Pollution" when reading specially crafted files. Workflows that do not read arbitrary files (for example, exporting data to spreadsheet files) are unaffected.

A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.19.3 can be downloaded via https://cdn.sheetjs.com/.

EPSS Score⁠: 0.03841 (0.878)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - github

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-1321⁠

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

10 months ago

ADVISORY IDCVE-2023-30533⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.8high

GitHub

CREATED

3 years ago

UPDATED

3 months ago

ADVISORY IDGHSA-4r6h-8v6p-xvw6⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.8high

GitLab

CREATED

3 years ago

UPDATED

3 months ago

ADVISORY ID

CVE-2023-30533

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-1321⁠CWE-937⁠

CVSS SCORE

7.8high

intheWild

CREATED

9 months ago

UPDATED

9 months ago

ADVISORY IDCVE-2023-30533⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY