CVE-2018-20801

Published: Mar 14, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

Affected (1)

Products: Highcharts: Highcharts

Highcharts

1 product

Highcharts

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Highcharts Highcharts	Before 6.1.0

Related CWEs

CWE-185

Incorrect Regular Expression

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

References (6)

https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa

Source: cve@mitre.org

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20190715-0001/

Source: cve@mitre.org

https://snyk.io/vuln/npm:highcharts:20180225

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20190715-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

https://snyk.io/vuln/npm:highcharts:20180225

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.