Description
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.7.7
References
Related Issues
- Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306
- Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
- Regular Expression Denial of Service in djvalidator - CVE-2020-7779
- Regular Expression Denial of Service in papaparse - CVE-2020-36649
- Tags:
- npm
- dat.gui
Anything's wrong? Let us know Last updated on February 01, 2023