Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-22363. PoCs published by weareu.
AI-analyzed exploit summary This repository appears to be a fork or snapshot of the SheetJS library (xlsx) with no exploit code or technical analysis related to CVE-2024-22363. The files are standard library components (minified JS, type definitions, changelog, and README).
Description
SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS).
Exploits (1)
nomisec
STUB
by weareu · poc
https://github.com/weareu/xlsx
This repository appears to be a fork or snapshot of the SheetJS library (xlsx) with no exploit code or technical analysis related to CVE-2024-22363. The files are standard library components (minified JS, type definitions, changelog, and README).
Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
SheetJS xlsx
No auth needed
devstral-2 · analyzed Feb 20, 2026
Full analysis →
References (3)
Core 3
Core References
Various Sources
https://git.sheetjs.com/sheetjs/sheetjs/src/tag/v0.20.2
Various Sources
https://cdn.sheetjs.com/advisories/CVE-2024-22363
Various Sources
https://cwe.mitre.org/data/definitions/1333.html
Scores
CVSS v3
7.5
EPSS
0.0014
EPSS Percentile
33.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1333
Status
published
Products (1)
npm/xlsx
0npm
Published
Apr 05, 2024
Tracked Since
Feb 18, 2026