SnykCVELIST:CVE-2021-23446CVE-2021-23446 Regular Expression Denial of Service (ReDoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.012 Low
EPSS
Percentile
85.2%
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.
CNA Affected
[
{
"product": "handsontable",
"vendor": "n/a",
"versions": [
{
"lessThan": "10.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Handsontable",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "10.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
github.com/handsontable/handsontable/issues/8752
github.com/handsontable/handsontable/pull/8742
snyk.io/vuln/SNYK-DOTNET-HANDSONTABLE-1726793
snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1726795
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1726796
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBHANDSONTABLE-1726794
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1726797
snyk.io/vuln/SNYK-JS-HANDSONTABLE-1726770
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.012 Low
EPSS
Percentile
85.2%