CVE-2021-32012

MEDIUM

SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted XLSX Document


Description

SheetJS and SheetJS Pro through 0.16.9 allow attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2).

References (4)

Core References
Product, Vendor Advisory x_refsource_misc
https://sheetjs.com/pro
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/xlsx/v/0.17.0

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 43.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (5)
npm/xlsx 0 - 0.17.0 (npm)
oracle/rest_data_services < 21.2.4
org.webjars.npm/xlsx 0 - 0.17.0 (Maven)
sheetjs_project/sheetjs < 0.16.9
sheetjs_project/sheetjs_pro < 0.16.9
Published Jul 19, 2021
Tracked Since Feb 18, 2026