Sheetjs latest version (0.18.5) is reporting vulnerability #3012
Hi,
We are using the latest SheetJS version 0.18.5 (https://www.npmjs.com/package/xlsx) and our Black Duck Hub tool is reporting the below vulnerability, due to which we have to find an alternate package.
This is the vulnerability reported, which has a score of 7.8:
CVE-2023-30533
(BDSA-2023-0967)
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
Any help with this? Any plans to remediate this from your side? We have been using this package for the last two years, and we do not want to remove its usage due to this vulnerability.
https://docs.sheetjs.com/docs/getting-started/installation/nodejs