PT-2021-19625 · Sheetjs+2 · Sheetjs+2

Published

2021-07-19

Updated

2022-02-28

CVE-2021-32012

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: SheetJS versions through 0.16.9 SheetJS Pro versions through 0.16.9

Description: The issue allows attackers to cause a denial of service due to memory consumption via a crafted .xlsx document that is mishandled when read by xlsx.js.

Recommendations: For SheetJS versions through 0.16.9, update to a version later than 0.16.9 to resolve the issue. For SheetJS Pro versions through 0.16.9, update to a version later than 0.16.9 to resolve the issue. As a temporary workaround, consider restricting the use of xlsx.js to minimize the risk of exploitation.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2021-32012

GHSA-3X9F-74H4-2FQR

Affected Products

Sheetjs

Sheetjs Pro

Xlsx.Js

PT-2021-19625 · Sheetjs+2 · Sheetjs+2

CVE-2021-32012

Weakness Enumeration

Related Identifiers

Affected Products

References · 9