Miggo Logo
Miggo Vulnerability Database
CVE-2023-30533

CVE-2023-30533: Prototype Pollution in sheetJS

7.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-30533
GHSA ID
GHSA-4r6h-8v6p-xvw6
EPSS Score
0.87764%
CWE
CWE-1321
Published
4/24/2023
Updated
11/6/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
xlsxnpm< 0.19.30.19.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided data contains no actual code patches or specific file changes to analyze. The CHANGELOG.md entry for v0.19.3 only states 'Fixed "Prototype Pollution" vulnerability' without technical details. While the vulnerability occurs during file parsing, we cannot identify specific functions without seeing the security-related code changes. The advisory mentions input validation improvements but provides no function names. Without concrete patch evidence showing modified functions or vulnerable code patterns, we cannot reliably identify exact vulnerable functions meeting the required confidence threshold.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ll v*rsions o* S***tJS ** t*rou** *.**.* *r* vuln*r**l* to "Prototyp* Pollution" w**n r***in* sp**i*lly *r**t** *il*s. Work*lows t**t *o not r*** *r*itr*ry *il*s (*or *x*mpl*, *xportin* **t* to spr***s***t *il*s) *r* un*****t**. * non-vuln*r**l* v*

Reasoning

T** provi*** **t* *ont*ins no **tu*l *o** p*t***s or sp**i*i* *il* ***n**s to *n*lyz*. T** `***N**LO*.m*` *ntry *or v*.**.* only st*t*s '*ix** "Prototyp* Pollution" vuln*r**ility' wit*out t***ni**l **t*ils. W*il* t** vuln*r**ility o**urs *urin* *il*