← Voltar para CVEs
CVE-2021-29489
HIGH7.6
Descricao
Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.
Detalhes CVE
Pontuacao CVSS v3.17.6
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado5/5/2021
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
highcharts:highchartsnetapp:cloud_backupnetapp:oncommand_insightnetapp:oncommand_workflow_automationnetapp:snapcenter
Fraquezas (CWE)
CWE-79
Referencias
https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95(security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20210622-0005/(security-advisories@github.com)
https://github.com/highcharts/highcharts/security/advisories/GHSA-8j65-4pcq-xq95(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210622-0005/(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.