Description
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.7.7
References
Related Issues
- is_js vulnerable to Regular Expression Denial of Service - CVE-2020-26302
- Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306
- CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
- Foundation Regular Expression Denial of Service vulnerability - CVE-2020-26304
- Tags:
- npm
- dat.gui
Anything's wrong? Let us know Last updated on February 01, 2023