CVE-2021-32014

CVSS v3.1 5.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.06 % (28^th)

Affected Products 3

Advisories 2

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.

Weaknesses

CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-07-19 14:15:08
(3 years ago)
Updated Date: 2022-02-28 20:33:58
(2 years ago)

Affected Products

Oracle

Rest Data Services

Sheetjs

Sheetjs
Sheetjs Pro

Configuration #1

		CPE23	From	Up To
	Sheetjs for Node.js 0.16.9 and prior versions	cpe:2.3:a:sheetjs:sheetjs::::::node.js		<= 0.16.9
	Sheetjs Pro for Node.js 0.16.9 and prior versions	cpe:2.3:a:sheetjs:sheetjs_pro::::::node.js		<= 0.16.9

Configuration #2

		CPE23	From	Up To
	Oracle Rest Data Services prior 21.2.4 version	cpe:2.3:a:oracle:rest_data_services		< 21.2.4