Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-30533 PoC — SheetJS 安全漏洞

Source
https://github.com/BenEdridge/CVE-2023-30533
Associated Vulnerability
Title:SheetJS 安全漏洞 (CVE-2023-30533)
Description:SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
Description
CVE-2023-30533
Readme
# POC - CVE-2023-30533

A POC for CVE-2023-30533

Copied as per: https://cdn.sheetjs.com/advisories/CVE-2023-30533:
>
     All releases of SheetJS Community Edition up to version 0.19.2 are affected. This includes:

     - scripts and modules on the SheetJS CDN through version 0.19.2 [2]
     - modules published with the name `xlsx` on npmjs.com [3]
     - scripts on third-party CDNs that pull from the `xlsx` package on npmjs.com [4] [5]
     - modules published with the name `sheetjs` on deno.land [6]

https://git.sheetjs.com/sheetjs/sheetjs/issues/2929


## Acknowledgements

Vsevolod Kokorin of SolidLab
https://xakep.ru/2023/06/22/sheetjs-bugs/
File Snapshot

 [4.0K]  /data/pocs/f253347717383bedb39382191fa7c3e3d2311278
├── [ 544]  index.js
├── [ 311]  package.json
├── [3.4K]  package-lock.json
├── [ 655]  README.md
└── [8.7K]  threaded_comment_bad.xlsx

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →