Open mend-bolt-for-github[bot] opened 3 years ago
SheetJS Spreadsheet data parser and writer
Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.16.9.tgz
Path to dependency file: /utility-emissions-channel/docker-compose-setup/package.json
Path to vulnerable library: /utility-emissions-channel/docker-compose-setup/node_modules/xlsx/package.json
Dependency Hierarchy: - :x: **xlsx-0.16.9.tgz** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).
Publish Date: 2021-07-19
URL: CVE-2021-32012
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32012
Release Date: 2021-07-19
Fix Resolution: 0.17.0
Step up your Open Source Security Game with Mend here
CVE-2021-32012 - Medium Severity Vulnerability
SheetJS Spreadsheet data parser and writer
Library home page: https://registry.npmjs.org/xlsx/-/xlsx-0.16.9.tgz
Path to dependency file: /utility-emissions-channel/docker-compose-setup/package.json
Path to vulnerable library: /utility-emissions-channel/docker-compose-setup/node_modules/xlsx/package.json
Dependency Hierarchy: - :x: **xlsx-0.16.9.tgz** (Vulnerable Library)
Found in HEAD commit: d388e16464e00b9ce84df0d247029f534a429b90
Found in base branch: main
SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).
Publish Date: 2021-07-19
URL: CVE-2021-32012
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32012
Release Date: 2021-07-19
Fix Resolution: 0.17.0
Step up your Open Source Security Game with Mend here