Skip to main content

Incorrect Regular Expression

CVE-2018-20801

Severity High
Score 7.5/10

Summary

In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-185 - Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

Advisory Timeline

  • Published