Description
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.7.7
References
Related Issues
- regular expression denial of service (ReDoS) - date-and-time - CVE-2020-26289
- Regular Expression Denial of Service (ReDoS) in lodash - CVE-2020-28500
- useragent Regular Expression Denial of Service vulnerability - CVE-2020-26311
- Regular Expression Denial of Service (ReDoS) in lodash - lodash.trimend - CVE-2020-28500
You might also like:
- Tags:
- npm
- dat.gui
Anything's wrong? Let us know Last updated on February 01, 2023


