Regular Expression Denial of Service in dat.gui

Description

All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.7.7

References

• GHSA-chwr-hf3w-c984
• snyk.io
• www.npmjs.com
• CVE-2020-7755
• CWE-400
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
• Regular Expression Denial of Service in djvalidator - CVE-2020-7779
• Regular Expression Denial of Service in papaparse - CVE-2020-36649
• useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

dat.gui