Incorrect Regular Expression

CVE-2018-20801

High

7.5/10

Summary

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

References

Advisory
Advisory

Advisory Timeline

Published Mar 14, 2019

Incorrect Regular Expression

CVE-2018-20801

Summary

CWE-185 - Incorrect Regular Expression

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS