Vulnerabilities > CVE-2021-23446 - Unspecified vulnerability in Handsontable
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function.
Vulnerable Configurations
References
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBHANDSONTABLE-1726794
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1726795
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1726796
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1726797
- https://snyk.io/vuln/SNYK-JS-HANDSONTABLE-1726770
- https://github.com/handsontable/handsontable/issues/8752
- https://snyk.io/vuln/SNYK-DOTNET-HANDSONTABLE-1726793
- https://github.com/handsontable/handsontable/pull/8742