CVE-2018-20801
HIGH 7.5 | EPSS 0.47% | Regular Expression Denial of Service in highcharts
Published: 2019/3/18 | Modified: 2023/11/8
Description
Versions of `highcharts` prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.

## Recommendation

Upgrade to version 6.1.0 or higher.
Affected packages (1)
- npm/highcharts: from 0, < 6.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (7)
- ADVISORY: https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-20801
- PATCH: https://github.com/highcharts/highcharts
- WEB: https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
- WEB: https://security.netapp.com/advisory/ntap-20190715-0001
- WEB: https://snyk.io/vuln/npm:highcharts:20180225
- WEB: https://www.npmjs.com/advisories/793