PT-2023-4424 · Unknown · Sheetjs Community Edition

Stof · Published 2023-04-12 · Updated 2025-10-31 · CVE-2023-30533

CVSS v2.0 · 10 · High

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SheetJS Community Edition versions prior to 0.19.3

Description

The issue is related to a Prototype Pollution vulnerability, which can be exploited by a remote attacker using a specially crafted file, potentially allowing for unauthorized actions. The SheetJS Community Edition receives over 2 million weekly downloads, and versions prior to 0.19.3 are affected. Workflows that do not read arbitrary files are unaffected.

Recommendations

For versions prior to 0.19.3, consider avoiding the use of the affected functionality until a fixed version is available. As a temporary workaround, restrict the reading of arbitrary files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Prototype Pollution

Weakness Enumeration

Related Identifiers

BDU:2023-04769
CVE-2023-30533
GHSA-4R6H-8V6P-XVW6

Affected Products

Sheetjs Community Edition