Regular Expression Denial of Service in highcharts (GHSA-xmc8-cjfr-phx3)
Severity: High
Description
Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
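The advisory does not publish the affected expression, so the following is an added illustration of the mechanism it describes, not highcharts code: a pattern with a nested quantifier (a textbook ReDoS shape) next to an equivalent pattern without one, and a small guard that bounds input length before any regular expression is applied to untrusted text. The patterns, the `MAX_LABEL_LENGTH` limit and the `safeTest` helper are assumptions chosen for the example.

```javascript
// Added illustration for the ReDoS advisory above. Not highcharts code and not
// the pattern involved in GHSA-xmc8-cjfr-phx3 (the advisory does not publish it).

// Catastrophic backtracking arises when a pattern contains ambiguous, nested
// repetition: on a near-miss input the engine retries exponentially many ways
// of splitting the string before concluding there is no match.
// Textbook shape: a repeated group whose body itself repeats.
const AMBIGUOUS = /^(\w+\s?)+$/;

// Same language ("word" then zero or more " word", optional trailing space),
// written so that each position can be consumed in only one way; the worst
// case is polynomial instead of exponential.
const LINEAR = /^\w+(?:\s\w+)*\s?$/;

// Assumed limit for this example: the length a legitimate label can have.
const MAX_LABEL_LENGTH = 256;

// Guard for matching untrusted text: refuse over-long or non-string input
// before the regex runs, so even an imperfect pattern has a bounded worst case.
function safeTest(pattern, input, maxLen = MAX_LABEL_LENGTH) {
  if (typeof input !== 'string') return false;
  if (input.length > maxLen) return false; // reject rather than risk backtracking
  return pattern.test(input);
}

// Check that both patterns agree on short, well-formed and malformed inputs,
// which is the evidence you want before swapping one for the other.
function patternsAgree(samples) {
  return samples.every((s) => safeTest(AMBIGUOUS, s) === safeTest(LINEAR, s));
}

// Constructed sample labels (short enough that the ambiguous pattern is harmless here).
const SAMPLES = ['series one', 'series  one', 'one two three ', ' leading', 'bad!', ''];

module.exports = { AMBIGUOUS, LINEAR, MAX_LABEL_LENGTH, safeTest, patternsAgree, SAMPLES };
```

The length cap is the mitigation that holds regardless of which pattern is in use; replacing the nested quantifier removes the exponential case itself. Do not benchmark `AMBIGUOUS` on long near-miss strings in a shared environment, since that reproduces the denial of service the advisory warns about.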
Recommendation
Update the highcharts package to the latest compatible version. Version details:
- Affected version(s): < 6.1.0
- Patched version(s): 6.1.0
References
- GHSA-xmc8-cjfr-phx3
- www.npmjs.com
- snyk.io
- security.netapp.com
- CVE-2018-20801
- CWE-1333
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-x5rq-j2xg-h7qm) - CVE-2019-1010266
- Regular Expression Denial of Service in marked (GHSA-x5pg-88wf-qq4p) - CVE-2017-16114
- Regular Expression Denial of Service in ssri - CVE-2018-7651
- regular expression denial of service (ReDoS) (GHSA-r92x-f52r-x54g) - CVE-2020-26289
Tags: npm, highcharts
Last updated on April 11, 2023