Description
The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources.
The impact is limited to internal services that serve content via.
Recommendation
Update the highcharts-export-server package to the latest compatible version. Version details:
- Affected version(s): <= 2.0.30
- Patched version(s): 2.1.0
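To check a project against the version range above, this added example (not part of the original advisory) scans a parsed package-lock.json for every installed copy of highcharts-export-server, including nested transitive copies, and flags versions <= 2.0.30. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: flag installed highcharts-export-server copies that fall in
// the affected range from this advisory (<= 2.0.30, patched in 2.1.0).
const PKG = "highcharts-export-server";
const LAST_AFFECTED = [2, 0, 30];

// Returns true/false, or null when the value is not a plain x.y.z version
// (for example a git or tarball reference), which needs manual review.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(version).trim());
  if (!m) return null;
  const v = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 2.0.30
}

// lockfileVersion 2/3 keep a flat "packages" map keyed by node_modules path;
// lockfileVersion 1 only has nested "dependencies", so walk those instead.
function auditLock(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (("/" + path).endsWith("/node_modules/" + PKG)) {
      found.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG) found.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found.map((f) => ({ ...f, affected: isAffected(f.version) }));
}

// Constructed sample lockfiles (not taken from a real project).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "node_modules/highcharts-export-server": { version: "2.0.28" },
    "node_modules/report-tool/node_modules/highcharts-export-server": { version: "2.1.0" },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: { "report-tool": { version: "3.2.1", dependencies: { [PKG]: { version: "2.0.30" } } } },
};
console.log(auditLock(SAMPLE_V3), auditLock(SAMPLE_V1));
```

For a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `auditLock`; any entry with `affected: true` should be upgraded, and `affected: null` means the version string could not be compared.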
Related Issues
- Finance.js vulnerable to DoS via the seekZero() parameter - CVE-2025-56572
- Stimulsoft Dashboard.JS directory traversal vulnerability - CVE-2024-24398
- Inefficient Regular Expression Complexity in handsontable - CVE-2021-23446
- Regular Expression Denial of Service in jquery-validation - CVE-2021-21252
Tags: npm, highcharts-export-server
Last updated on January 09, 2023