SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.
References
Link | Resource |
---|---|
https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/ | Third Party Advisory |
https://sheetjs.com/pro | Product Vendor Advisory |
https://www.npmjs.com/package/xlsx/v/0.17.0 | Product Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/ | Third Party Advisory |
https://sheetjs.com/pro | Product Vendor Advisory |
https://www.npmjs.com/package/xlsx/v/0.17.0 | Product Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://floqast.com/engineering-blog/post/fuzzing-and-parsing-securely/ - Third Party Advisory | |
References | () https://sheetjs.com/pro - Product, Vendor Advisory | |
References | () https://www.npmjs.com/package/xlsx/v/0.17.0 - Product, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
Information
Published : 2021-07-19 14:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-32014
Mitre link : CVE-2021-32014
CVE.ORG link : CVE-2021-32014
JSON object : View
Products Affected
oracle
- rest_data_services
sheetjs
- sheetjs_pro
- sheetjs
CWE
CWE-400
Uncontrolled Resource Consumption