PT-2019-10243 · Highcharts · Highcharts Js

Publicado

2019-03-14

Atualizado

2019-07-15

CVE-2018-20801

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Highcharts JS versions prior to 6.1.0

Description: The issue concerns a denial of service attack against the SVGRenderer component due to the use of backtracking regular expressions. Untrusted input may cause catastrophic backtracking while matching regular expressions, leading to the application being unresponsive and resulting in a denial of service.

Recommendations: For Highcharts JS versions prior to 6.1.0, upgrade to version 6.1.0 or higher.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-185CWE-1333

Identificadores relacionados

CVE-2018-20801

GHSA-XMC8-CJFR-PHX3

Produtos afetados

Highcharts Js

PT-2019-10243 · Highcharts · Highcharts Js

CVE-2018-20801

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10