kirjs / react-highcharts

React wrapper for Highcharts library

Home Page: http://kirjs.github.io/react-highcharts/


Regular Expression Denial of Service (ReDoS)

madnight opened this issue · comments

Regular Expression Denial of Service (ReDoS)

Vulnerable module: highcharts
Introduced through: react-highcharts@16.0.2
Introduced through: react-highcharts@16.0.2 › highcharts@6.0.7

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. This can cause an impact of about 10 seconds matching time for data 200K characters long.

Analysis by: https://snyk.io/test/github/kirjs/react-highcharts?severity=high&severity=medium&severity=low

Hey @madnight, thanks for reporting. Looks like this is coming from the latest version of highcharts; have you tried reporting it there?