CVE-2023-30533
xlsx is vulnerable to Regular Expression Denial of Service (ReDoS)
78
High Risk
This Affects:
xlsxTL;DR
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple functions, allowing an attacker to crash the system by submitting specially crafted input.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
xlsx is vulnerable to Regular Expression Denial of Service (ReDoS) in versions < 0.19.3.
How to fix this
Because of a problem with their NPM account, new versions are no longer updated. Update using the instructions found here: https://docs.sheetjs.com/docs/getting-started/installation/nodejs/. Or migrate to a community-maintained fork like @e965/xlsx.
Links
cdn.sheetjs.com/advisories/CVE-2023-30533git.sheetjs.com/sheetjs/sheetjs/issues/2986git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
SOC 2Compliant
ISO 27001Compliant