xlsx is vulnerable to Prototype Pollution
78
High Risk
Affected versions of this package are vulnerable to prototype pollution when processing a specially crafted file. An attacker able to supply malicious input may inject or modify properties on JavaScript object prototypes, potentially leading to unexpected application behavior, security control bypasses, denial of service, or other impacts depending on how the application uses affected objects.
You are affected if you are using a version that falls within the vulnerable range.
xlsx is vulnerable to Prototype Pollution in versions < 0.19.3.
Because of a problem with their NPM account, new versions are no longer updated. Update using the instructions found here: https://docs.sheetjs.com/docs/getting-started/installation/nodejs/. Or migrate to a community-maintained fork like @e965/xlsx.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant