sheetjs
/
sheetjs
24
Fork 25
Code Issues 176 Pull Requests 12 Wiki Activity

Vulnerability Found #1904

New Issue
Closed
opened 2020-04-15 20:35:12 +00:00 by atcazzual · 3 comments
atcazzual commented 2020-04-15 20:35:12 +00:00 (Migrated from github.com)
Copy Link

I would like to report a vulnerability in SheetJS.

I've sent an email to sheetjs@gmail.com with the details and an attached Proof of Concept (PoC).

I would like to report a vulnerability in SheetJS. I've sent an email to sheetjs@gmail.com with the details and an attached Proof of Concept (PoC).
SheetJSDev commented 2020-04-15 21:42:05 +00:00 (Migrated from github.com)
Copy Link

Thanks for reporting! Sent a reply.

Thanks for reporting! Sent a reply.
lmshaffe commented 2020-04-28 15:08:55 +00:00 (Migrated from github.com)
Copy Link

This vulnerability popped up in Veracode for us and had a reference link to this issue. Just curious if there is a plan to work on this. I also don't know hot to test to see if our application is actually affected by this.

This vulnerability popped up in Veracode for us and had a reference link to this issue. Just curious if there is a plan to work on this. I also don't know hot to test to see if our application is actually affected by this.
huntr-helper commented 2020-08-21 11:31:59 +00:00 (Migrated from github.com)
Copy Link

‎‍🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/sheetjs/pull/1

🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.

‎‍🛠️ A fix has been provided for this issue. Please reference: https://github.com/418sec/sheetjs/pull/1 🔥 This fix has been provided through the https://huntr.dev/ bug bounty platform.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
sankhavaramsaitulasiram/feat-fix-2752
maybeswapnil/issue2737
gh-pages
scottysseus/2560_2
ivan-trusov/fix-basedate
nandanv2702/issue_1300
protobi/master
ThomasChan/master
grantfayvor/master
tom-groves/bug-1105/rounding-error
mgreter/master
v0.20.2
v0.20.1
v0.20.0
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.12
v0.18.11
v0.18.10
v0.18.9
v0.18.8
v0.18.7
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.8
v0.16.7
v0.16.6
v0.16.5
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.6
v0.15.5
v0.15.2
v0.14.0
v0.13.5
v0.13.4
v0.13.3
v0.13.1
v0.13.0
v0.12.13
v0.12.12
v0.12.11
v0.12.10
v0.12.9
v0.12.8
v0.12.7
v0.12.6
v0.12.5
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.19
v0.11.18
v0.11.17
v0.11.16
v0.11.15
v0.11.14
v0.11.13
v0.11.12
v0.11.11
v0.11.10
v0.11.9
v0.11.8
v0.11.7
v0.11.6
v0.11.5
v0.11.4
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.9
v0.10.8
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.13
v0.9.12
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.11
v0.7.10
v0.7.9
v0.7.7
v0.7.6-i
v0.7.6-h
v0.7.6-a
v0.7.6
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.5.10
v0.5.9
v0.5.8
v0.5.7
v0.5.0
v0.4.3
Labels
Clear labels   
DBF

   
Dates

   
Defined Names

   
Features

   
Formula

   
HTML

   
Images

   
Infrastructure

   
Integration

   
International

   
ODS

   
Operations

   
Performance

   
PivotTables

   
Pro

   
Protection

   
Read Bug

   
SSF

   
SYLK

   
Style

   
Write Bug

   
good first issue
No Label
DBF
Dates
Defined Names
Features
Formula
HTML
Images
Infrastructure
Integration
International
ODS
Operations
Performance
PivotTables
Pro
Protection
Read Bug
SSF
SYLK
Style
Write Bug
good first issue
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sheetjs/sheetjs#1904
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?