Description
Regular Expression Denial of Service in highcharts
Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to denial of service.
Recommendation
Upgrade to version 6.1.0 or higher.
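Since the recommendation is a version floor, the useful check on the defending side is whether any installed copy of the package, including nested copies pulled in by other dependencies, is still below 6.1.0. The following is an added example written for this page, not code from the advisory or from the Highcharts project. It assumes the npm lock file layout with a top-level "packages" map (lockfileVersion 2 or 3); the sample lock-file object and the dependency name "some-chart-wrapper" are constructed for illustration. It compares versions numerically rather than as strings, so a version such as 6.10.0 is correctly treated as newer than 6.1.0.

```javascript
// Added example: flag installed highcharts versions that fall in the
// affected range (< 6.1.0) named by this advisory. Not part of the advisory
// or of the Highcharts project; the lock file below is constructed.

const ADVISORY = { name: "highcharts", fixedIn: "6.1.0" }; // values from the advisory

// Parse "MAJOR.MINOR.PATCH" into numeric parts. An optional leading "v" and any
// pre-release or build suffix are ignored. Returns null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric comparison: -1 if a < b, 0 if equal, 1 if a > b.
// A string comparison would wrongly rank "6.10.0" below "6.1.0".
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when the installed version is below the version that carries the fix.
function isAffected(installed, fixedIn = ADVISORY.fixedIn) {
  return compareVersions(installed, fixedIn) < 0;
}

// Walk the "packages" map of an npm lock file (lockfileVersion 2/3) and return
// every copy of the advisory's package, nested copies included, that is still
// below the fixed version.
function findAffected(lock, advisory = ADVISORY) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // The map key is the install path; the package name is its last segment.
    const name = entry.name || path.split("node_modules/").pop();
    if (name === advisory.name && entry.version && isAffected(entry.version, advisory.fixedIn)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lock file: the top-level copy is already on the fixed
// version, but a hypothetical wrapper dependency still pins an older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/highcharts": { version: "6.1.0" },
    "node_modules/some-chart-wrapper": { version: "2.3.1" },
    "node_modules/some-chart-wrapper/node_modules/highcharts": { version: "6.0.7" },
  },
};

// Usage: print the affected copies found in the constructed lock file.
console.log(findAffected(SAMPLE_LOCK));
```

Running the block reports only the nested copy at `node_modules/some-chart-wrapper/node_modules/highcharts` (version 6.0.7); the top-level 6.1.0 copy passes. In practice the lock-file object would be read from `package-lock.json` with `JSON.parse`, and a nested hit means the wrapper dependency, not the application's own `package.json`, needs its constraint updated.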
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-20801
- https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
- https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- https://security.netapp.com/advisory/ntap-20190715-0001
- https://snyk.io/vuln/npm:highcharts:20180225
- https://www.npmjs.com/advisories/793
Packages
Name: highcharts (npm)
Affected versions: < 6.1.0
Fixed version: 6.1.0
Related vulnerabilities
CVSS3: 7.5
nvd
almost 7 years ago
In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.