Home > Vulnerability Database > WS-2021-0040

Mend.io Vulnerability Database

WS-2021-0040

Good to know:

Date: March 12, 2021

In highcharts-export-server before version 2.1.0 there is a vulnerability that allows exposure of internal HTTP resources. The vulnerability allows for reading and outputting files served by other services on the internal network in which the export server is hosted. If the export server is exposed to the internet, this potentially allows a malicious user to gain read access to internal web-resources.

Language: JS

Severity Score

8.8

Related Resources (2)

Url: https://github.com/highcharts/node-export-server/commit/53fa992a96785a5a08390e55ec30ea2ad217dfe6

Url: https://www.mend.io/vulnerability-database/WS-2021-0040

Severity Score

8.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version highcharts-export-server - 2.1.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0040

Good to know:

Date: March 12, 2021

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?