CVE-2018-20801 Information

Description

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0 the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component aka ReDoS.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa https://security.netapp.com/advisory/ntap-20190715-0001/ https://snyk.io/vuln/npm:highcharts:20180225

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5