PT-2021-15530 · Unknown · Handsontable

Budnix +1 · Published 2021-09-29 · Updated 2023-08-08 · CVE-2021-23446

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

handsontable versions 0 through 10.0.0 (excluding 10.0.0)

Description

The issue concerns a Regular Expression Denial of Service (ReDoS) in the Handsontable.helper.isNumeric function. This affects the handsontable package, making it vulnerable to denial of service attacks due to inefficient regular expression handling.

Recommendations

For handsontable versions 0 through 10.0.0 (excluding 10.0.0), update to version 10.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the Handsontable.helper.isNumeric function until a patch is available.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2021-23446
GHSA-HF66-R44G-P7J9
SNYK-DOTNET-HANDSONTABLE-1726793
SNYK-JAVA-ORGWEBJARS-1726795
SNYK-JAVA-ORGWEBJARSBOWER-1726796
SNYK-JAVA-ORGWEBJARSBOWERGITHUBHANDSONTABLE-1726794
SNYK-JAVA-ORGWEBJARSNPM-1726797
SNYK-JS-HANDSONTABLE-1726770

Affected Products

Handsontable