Open mend-bolt-for-github[bot] opened 4 months ago
SheetJS Spreadsheet data parser and writer
Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.16.9.tgz
Path to dependency file: /utility-emissions-channel/docker-compose-setup/package.json
Path to vulnerable library: /utility-emissions-channel/docker-compose-setup/node_modules/xlsx/package.json
Dependency Hierarchy: - :x: **xlsx-0.16.9.tgz** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).
Publish Date: 2024-04-05
URL: CVE-2024-22363
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Step up your Open Source Security Game with Mend here
CVE-2024-22363 - High Severity Vulnerability
SheetJS Spreadsheet data parser and writer
Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.16.9.tgz
Path to dependency file: /utility-emissions-channel/docker-compose-setup/package.json
Path to vulnerable library: /utility-emissions-channel/docker-compose-setup/node_modules/xlsx/package.json
Dependency Hierarchy: - :x: **xlsx-0.16.9.tgz** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).
Publish Date: 2024-04-05
URL: CVE-2024-22363
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here