A POC for CVE-2023-30533
Copied as per: https://cdn.sheetjs.com/advisories/CVE-2023-30533:
All releases of SheetJS Community Edition up to version 0.19.2 are affected. This includes:
- scripts and modules on the SheetJS CDN through version 0.19.2 [2]
- modules published with the name `xlsx` on npmjs.com [3]
- scripts on third-party CDNs that pull from the `xlsx` package on npmjs.com [4] [5]
- modules published with the name `sheetjs` on deno.land [6]
https://git.sheetjs.com/sheetjs/sheetjs/issues/2929
Vsevolod Kokorin of SolidLab https://xakep.ru/2023/06/22/sheetjs-bugs/