Sheetjs latest version (0.18.5) is reporting vulnerability #3012

Closed
opened 2023-10-16 05:17:15 +00:00 by Swetha · 1 comment

Hi,

We are using the latest sheetjs version 0.18.5 (https://www.npmjs.com/package/xlsx), and our Black Duck Hub tool is reporting the vulnerability below, due to which we have to find an alternate package.

This is the vulnerability reported, which has a score of 7.8:

CVE-2023-30533
(BDSA-2023-0967)
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.

Any help in this? Any plans to remediate this from your side? We have been using this package for the last two years; we do not want to remove its usage due to this vulnerability.

Owner
https://docs.sheetjs.com/docs/getting-started/installation/nodejs

Reference: sheetjs/sheetjs#3012