In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Highcharts | Highcharts | * | 6.1.0 (excluding) |