Linux Distros Unpatched Vulnerability : CVE-2020-28496

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret =...

3base (>=0.1.30 <=0.1.31), 3d-a (>=1.0.0 <=1.1.5) +1008 more potentially affected by CVE-2020-28496 via three (>=0.100.0 <=0.124.0)

three NPM version =0.100.0, =0.1.30, =1.0.0, =1.0.0, =2.0.40, =1.0.1, =1.43.6, =1.0.0, =0.0.1, =1.0.0, =1.0.4 and more Source cves: CVE-2020-28496 Source advisory: OSV:GHSA-FQ6P-X6J3-CMMQ...

CVE-2020-28496

creationtimestamp| type| source ---|---|--- 2021-02-18 18:50:12+00:00| published-proof-of-concept| https://t.me/cibsecurity/23801 2021-03-01 19:57:16+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-fq6p-x6j3-cmmq...

CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

UBUNTU-CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

CVE-2020-28496

CVE-2020-28496 affects the three.js library (Color) before version 0.125.0. The root cause is a Regular Expression Denial of Service (ReDoS) triggered when handling rgb/hsl color strings, demonstrated by a PoC that builds an abnormally long rgb(…) string. Documented impact includes potential perf...

CVE-2020-28496 Regular Expression Denial of Service (ReDoS)

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...

CVE-2020-28496

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var time = Date.now; new Colorbuildblank50000 var...