Highcharts vulnerability CVE-2018-20801

I’m posting this to check if the gatling-charts-highcharts module is affected by this vulnerability.

If so, is there any timeline to fix this?

Thank you.


IMO, this is yet another perfect example of a nonsensical CVE.

There’s absolutely no practical implication of this so-called vulnerability on this library that is used client side (it’s not going to harm the server), in particular in Gatling’s usage (local HTML files sitting on the file system).

> If so, is there any timeline to fix this?

Highcharts is not an open source library, not free for our usage and we’ve stopped paying for upgrades.
As a result, we’re stuck on an old Highcharts version until a real issue arises unless someone sponsors the upgrade (Highcharts license fees + manpower).

You’d better disable this alert in your vulnerability scanning tool as a false positive.

Note: Gatling's paid products don't use Highcharts.
