CVE-2023-30533 PoC — SheetJS 安全漏洞

Source

https://github.com/BenEdridge/CVE-2023-30533

Associated Vulnerability

Title:SheetJS 安全漏洞 (CVE-2023-30533)
Description:SheetJS是一个应用软件。一个各种电子表格格式的解析器和编写器。 SheetJS Community Edition 0.19.3之前版本存在安全漏洞，该漏洞源于允许攻击者通过制作文件进行原型污染。

Description

CVE-2023-30533

Readme

# POC - CVE-2023-30533

A POC for CVE-2023-30533

Copied as per: https://cdn.sheetjs.com/advisories/CVE-2023-30533:
>
     All releases of SheetJS Community Edition up to version 0.19.2 are affected. This includes:

     - scripts and modules on the SheetJS CDN through version 0.19.2 [2]
     - modules published with the name `xlsx` on npmjs.com [3]
     - scripts on third-party CDNs that pull from the `xlsx` package on npmjs.com [4] [5]
     - modules published with the name `sheetjs` on deno.land [6]

https://git.sheetjs.com/sheetjs/sheetjs/issues/2929


## Acknowledgements

Vsevolod Kokorin of SolidLab
https://xakep.ru/2023/06/22/sheetjs-bugs/

File Snapshot


 [4.0K]  /data/pocs/f253347717383bedb39382191fa7c3e3d2311278
├── [ 544]  index.js
├── [ 311]  package.json
├── [3.4K]  package-lock.json
├── [ 655]  README.md
└── [8.7K]  threaded_comment_bad.xlsx

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!