Description
All versions of the dat.gui package are vulnerable to Regular Expression Denial of Service (ReDoS) via specially crafted rgb and rgba values.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.7.7
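
With no fixed release, one mitigation is to let untrusted color strings reach dat.gui only after a strict check that uses no regular expression and caps input length. The following is an added example, not dat.gui code and not part of the advisory; `sanitizeColor`, `parseComponent` and `MAX_COLOR_LEN` are hypothetical names, and it assumes the application passes user-supplied rgb/rgba strings to dat.gui.

```javascript
// Added example, not dat.gui code. All names here are hypothetical.
const MAX_COLOR_LEN = 64; // assumption: ample for any legitimate rgb()/rgba() string

// Parse one numeric component with a single character scan (no regex, no backtracking).
function parseComponent(text, max) {
  const s = text.trim();
  if (s.length === 0 || s.length > 8 || s === '.') return null;
  let dots = 0;
  for (const ch of s) {
    if (ch === '.') { if (++dots > 1) return null; }
    else if (ch < '0' || ch > '9') return null;
  }
  const n = Number(s);
  return Number.isFinite(n) && n <= max ? n : null;
}

// Returns a canonical "rgb(r,g,b)" or "rgba(r,g,b,a)" string, or null if rejected.
function sanitizeColor(input) {
  // Reject oversized input before doing any other work on it.
  if (typeof input !== 'string' || input.length > MAX_COLOR_LEN) return null;
  const s = input.trim().toLowerCase();
  const hasAlpha = s.startsWith('rgba(');
  if (!hasAlpha && !s.startsWith('rgb(')) return null;
  if (!s.endsWith(')')) return null;
  const parts = s.slice(hasAlpha ? 5 : 4, -1).split(',');
  if (parts.length !== (hasAlpha ? 4 : 3)) return null;
  const out = [];
  for (let i = 0; i < parts.length; i++) {
    // Channels are limited to 0..255, alpha to 0..1.
    const v = parseComponent(parts[i], i === 3 ? 1 : 255);
    if (v === null) return null;
    out.push(i === 3 ? v : Math.round(v));
  }
  return (hasAlpha ? 'rgba(' : 'rgb(') + out.join(',') + ')';
}

// Constructed inputs: two legitimate values, one oversized, one with an overlong component.
const samples = ['rgb(255, 128, 0)', 'RGBA(10,20,30,0.5)',
                 'rgb(' + ' '.repeat(50000) + '1', 'rgba(1,2,3,' + '1'.repeat(40) + ')'];
for (const s of samples) console.log(JSON.stringify(s.slice(0, 24)), '->', sanitizeColor(s));
```

Only the canonical string returned by `sanitizeColor` should be handed on; a `null` result means the value is dropped or replaced with a default.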
Related Issues
- min-document vulnerable to prototype pollution - CVE-2025-57352
- Vite bypasses server.fs.deny when using ?raw?? - CVE-2025-30208
- GetmeUK ContentTools Cross-Site Scripting (XSS) - CVE-2025-2699
- node-gettext vulnerable to Prototype Pollution - CVE-2024-21528
Tags: npm, dat.gui
Last updated on February 01, 2023