In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS.
{
"cpe": "cpe:2.3:a:highcharts:highcharts:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.1.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}