CVE-2023-30533: 
JavaScript vulnerability analysis and mitigation

SheetJS Community Edition versions before 0.19.3 are affected by a prototype pollution vulnerability (CVE-2023-30533). The vulnerability allows attackers to perform prototype pollution attacks through crafted files. Versions 0.19.2 and earlier are affected, while version 0.19.3 and later are unaffected (SheetJS Advisory).

The vulnerability is classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes) and has received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue specifically affects workflows that read arbitrary files, while operations like exporting data to spreadsheet files are not impacted (NVD, SheetJS Advisory).

When exploited, the vulnerability could lead to prototype pollution attacks, potentially affecting the confidentiality, integrity, and availability of the affected systems. The vulnerability impacts various distribution channels including scripts and modules on the SheetJS CDN, modules published as 'xlsx' on npmjs.com, scripts on third-party CDNs, and modules published as 'sheetjs' on deno.land (SheetJS Advisory).

Users are advised to upgrade to SheetJS Community Edition version 0.19.3 or later to address this vulnerability. The fix was implemented in version 0.19.3, which specifically addressed the prototype pollution vulnerability (SheetJS Advisory, SheetJS Changelog).