Inefficient Regular Expression Complexity
CVE-2021-23446
Summary
The package handsontable before 10.0.0; the package handsontable before 10.0.0 is vulnerable to Regular Expression Denial of Service (ReDoS) in "Handsontable.helper.isNumeric" function.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published