CVE-2018-20801
HIGH 7.5
EPSS 0.47%
Regular Expression Denial of Service in highcharts
Published: 3/18/2019
Modified: 11/8/2023
Also known as: GHSA-xmc8-cjfr-phx3
Description
Versions of `highcharts` prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.

## Recommendation

Upgrade to version 6.1.0 or higher.
Affected packages (1)
- npm/highcharts from 0, < 6.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-20801
- PATCH https://github.com/highcharts/highcharts
- WEB https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
- WEB https://security.netapp.com/advisory/ntap-20190715-0001
- WEB https://snyk.io/vuln/npm:highcharts:20180225
- WEB https://www.npmjs.com/advisories/793