Regular Expression Denial of Service in highcharts - highcharts

Severity:: High

Description

Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Recommendation

Update the highcharts package to the latest compatible version. Followings are version details:

Affected version(s): < 6.1.0
Patched version(s): 6.1.0

References

GHSA-xmc8-cjfr-phx3
www.npmjs.com
snyk.io
security.netapp.com
CVE-2018-20801
CWE-1333
CAPEC-310
OWASP 2021-A6

Related Issues

uap-core Regular Expression Denial of Service issue - CVE-2018-20164
Regular Expression Denial of Service in ssri - CVE-2018-7651
Regular Expression Denial of Service in sshpk - CVE-2018-3737
Marked allows Regular Expression Denial of Service (ReDoS) attacks - CVE-2018-25110

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; highcharts

Anything's wrong? Let us know Last updated on April 11, 2023