PT-2019-10243 · Highcharts · Highcharts Js

Published: 2019-03-14 · Updated: 2019-07-15 · CVE-2018-20801

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Highcharts JS versions prior to 6.1.0
Description: The issue is a denial of service against the SVGRenderer component, caused by its use of backtracking regular expressions. Untrusted input may trigger catastrophic backtracking during regular expression matching, which leaves the application unresponsive.
Recommendations: For Highcharts JS versions prior to 6.1.0, upgrade to version 6.1.0 or higher.
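
A check for the recommendation above, as an added example that is not part of the advisory or of Highcharts: it scans npm lockfile data for `highcharts` entries older than 6.1.0. It assumes npm's lockfile layouts (v1 nested `dependencies`, v2/v3 `packages`); the sample lockfile and its package names are constructed.

```javascript
// Added example (not Highcharts or advisory code): flag highcharts < 6.1.0 in an npm lockfile.
const FIXED = [6, 1, 0]; // first fixed release, per the advisory

// true = affected, false = fixed, null = version string could not be parsed.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return null;
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return m[4] === "-"; // a 6.1.0 pre-release sorts before 6.1.0
}

// Collect highcharts entries from lockfile v2/v3 ("packages", keyed by path)
// or, when that map is absent, from lockfile v1 (nested "dependencies").
function findHighcharts(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [where, info] of Object.entries(lock.packages)) {
      const isHighcharts = ("/" + where).endsWith("/node_modules/highcharts");
      if (isHighcharts) hits.push({ where, version: info.version });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const where = trail + "/" + name;
      if (name === "highcharts") hits.push({ where, version: info.version });
      walk(info.dependencies, where); // v1 nests transitive copies here
    }
  };
  walk(lock.dependencies, "dependencies");
  return hits;
}

// Return only entries that are affected or need manual review (affected === null).
function scanLockfile(jsonText) {
  return findHighcharts(JSON.parse(jsonText))
    .map((h) => ({ ...h, affected: isAffected(h.version) }))
    .filter((h) => h.affected !== false);
}

// Constructed sample lockfile (v2 layout); project and package names are made up.
const SAMPLE_LOCK = JSON.stringify({
  packages: {
    "": { name: "dashboard-demo" },
    "node_modules/highcharts": { version: "6.0.7" },
    "node_modules/report-widget/node_modules/highcharts": { version: "7.2.1" },
  },
});
console.log(scanLockfile(SAMPLE_LOCK));
```

Entries reported with `affected: null` carry a version string the check could not parse and need a manual look.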

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2018-20801
GHSA-XMC8-CJFR-PHX3

Affected Products

Highcharts Js