Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtYzgtY2pmci1waHgz
Regular Expression Denial of Service in highcharts
Versions of highcharts prior to 6.1.0 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Recommendation
Upgrade to version 6.1.0 or higher.
Permalink: https://github.com/advisories/GHSA-xmc8-cjfr-phx3JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtYzgtY2pmci1waHgz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00313
EPSS Percentile: 0.70504
Identifiers: GHSA-xmc8-cjfr-phx3, CVE-2018-20801
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-20801
- https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
- https://github.com/advisories/GHSA-xmc8-cjfr-phx3
- https://www.npmjs.com/advisories/793
- https://snyk.io/vuln/npm:highcharts:20180225
- https://security.netapp.com/advisory/ntap-20190715-0001/
Blast Radius: 31.7
Affected Packages
npm:highcharts
Dependent packages: 945Dependent repositories: 16,723
Downloads: 5,328,492 last month
Affected Version Ranges: < 6.1.0
Fixed in: 6.1.0
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 4.1.10, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7
All unaffected versions: 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.2.0, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.2.2, 9.0.0, 9.0.1, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 11.0.0, 11.0.1, 11.1.0, 11.2.0, 11.3.0, 11.4.0, 11.4.1, 11.4.2, 11.4.3, 11.4.4, 11.4.5, 11.4.6, 11.4.7, 11.4.8, 12.0.0, 12.0.1