Description
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 can address this issue.
Recommendation
Update the rgb2hex package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.1.6
- Patched version(s): 0.1.6
References
Related Issues
- Astro allows unauthorized third-party images in _image endpoint - CVE-2025-55303
- jQuery-UI vulnerable to Cross-site Scripting in dialog closeText - CVE-2016-7103
- Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx) 2 - Vulnerability
- Parse Server option `masterKeyIps` vulnerability to IP spoofing - CVE-2023-22474
- Tags:
- npm
- rgb2hex
Anything's wrong? Let us know Last updated on October 20, 2023