we are highcharts which we are using * @license Highcharts JS v3.0.9
and we do own the license of it .Currently our pentest team reports that there is a vulnerablity issue with the exporting .src.js in the svg parameter.Does the advanced verison of highcharts verision can handle such way that it is not non-vulnerable to any attacks (External Service Interaction (DNS and HTTP) where It was possible to induce the application to perform server-side DNS and HTTP lookups of arbitrary domain names.Or are there any options we need to look for?
-
KacperMadej
- Posts: 4632
- Joined: Mon Sep 15, 2014 12:43 pm
Re: HighChart vulnerability
Hi,
Is this problem connected to Highcharts Cloud?
Since Highcharts 3.0.9 the exporting module and exporting server has changed drastically. Here's more info about the exporting module: https://www.highcharts.com/docs/export- ... e-overview
Could you provide more info about the possible vulnerability? If the information is confidential please contact us via e-mail: [email protected]
Best Regards.
Is this problem connected to Highcharts Cloud?
Since Highcharts 3.0.9 the exporting module and exporting server has changed drastically. Here's more info about the exporting module: https://www.highcharts.com/docs/export- ... e-overview
Could you provide more info about the possible vulnerability? If the information is confidential please contact us via e-mail: [email protected]
Best Regards.
Kacper Madej
Highcharts Developer
Highcharts Developer