SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
References
Link | Resource |
---|---|
https://cdn.sheetjs.com/advisories/CVE-2023-30533 | Vendor Advisory |
https://git.sheetjs.com/sheetjs/sheetjs/issues/2986 | |
https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md | Release Notes |
Configurations
History
07 Sep 2023, 07:15
Type | Values Removed | Values Added |
---|---|---|
Summary | SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected. | |
References |
|
02 May 2023, 18:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cdn.sheetjs.com/advisories/CVE-2023-30533 - Vendor Advisory | |
References | (MISC) https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md - Release Notes | |
CPE | cpe:2.3:a:sheetjs:sheetjs:*:*:*:*:*:node.js:*:* | |
First Time |
Sheetjs
Sheetjs sheetjs |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | CWE-1321 |
24 Apr 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-24 08:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-30533
Mitre link : CVE-2023-30533
CVE.ORG link : CVE-2023-30533
JSON object : View
Products Affected
sheetjs
- sheetjs
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')