CVE-2021-23446

Опубликовано: 29 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.

Ссылки

https://github.com/handsontable/handsontable/issues/8752
Third Party Advisory
https://github.com/handsontable/handsontable/pull/8742
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-DOTNET-HANDSONTABLE-1726793
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1726795
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1726796
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBHANDSONTABLE-1726794
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1726797
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDSONTABLE-1726770
Exploit
Third Party Advisory
https://github.com/handsontable/handsontable/issues/8752
Third Party Advisory
https://github.com/handsontable/handsontable/pull/8742
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-DOTNET-HANDSONTABLE-1726793
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1726795
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1726796
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBHANDSONTABLE-1726794
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1726797
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDSONTABLE-1726770
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:handsontable:handsontable:*:*:*:*:*:node.js:*:*

Версия до 10.0.0 (исключая)

EPSS

Процентиль: 52%

0.00287

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1333

Связанные уязвимости

GHSA-hf66-r44g-p7j9