Skip to content

Commit

Permalink
Dependency: Update xlsx version to resolve high security vulnerability
Browse files Browse the repository at this point in the history 
https://cdn.sheetjs.com/advisories/CVE-2024-22363

Summary

All versions of SheetJS CE through 0.20.1 are vulnerable to "Regular Expression Denial of Service" (ReDoS). For more details, see https://regexide.com

Categorization

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Score 7.5 - High)

CWE-1333 Inefficient Regular Expression Complexity [1]

Remediation

Users should upgrade to version 0.20.2 or later. Official releases are available on the SheetJS CDN [2]. SheetJS CE documentation includes installation instructions for common deployments [7].
  • Loading branch information
@chazzmoney
chazzmoney authored Apr 17, 2024
1 parent e91b454 commit ea8f32c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@
"mammoth": "1.6.0",
"pdf-parse": "1.1.1",
"text-encoding": "0.7.0",
"xlsx": "https://cdn.sheetjs.com/xlsx-0.20.1/xlsx-0.20.1.tgz",
"xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz",
"xml2js": "0.6.2"
},
"devDependencies": {
Expand Down

0 comments on commit ea8f32c

Please sign in to comment.