GHSA-xmc8-cjfr-phx3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-xmc8-cjfr-phx3/GHSA-xmc8-cjfr-phx3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-xmc8-cjfr-phx3
- Aliases
- Published
- 2019-03-18T15:59:32Z
- Modified
- 2023-11-01T04:49:22.456933Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Regular Expression Denial of Service in highcharts
- Details
-
Versions of
highchartsprior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.Recommendation
Upgrade to version 6.1.0 or higher.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T22:03:47Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-1333" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-20801
- https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
- https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- https://github.com/highcharts/highcharts
- https://security.netapp.com/advisory/ntap-20190715-0001
- https://snyk.io/vuln/npm:highcharts:20180225
- https://www.npmjs.com/advisories/793
Affected packages
npm / highcharts
Package
- Name
- highcharts
- View open source insights on deps.dev
- Purl
- pkg:npm/highcharts