4 matches found
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: OSV:GHSA-CHWR-HF3W-C984...
PT-2020-19769 · Dat · Dat.Gui
Name of the Vulnerable Software and Affected Versions: dat.gui versions prior to a fixed version. Description: The issue is related to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. This can be exploited in all versions of the package dat.gui...
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: SNYK:JS-DATGUI-1016275...
Regular Expression Denial of Service (ReDoS)
Overview: dat.gui is a lightweight graphical user interface for changing variables in JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via specially crafted rgb and rgba values. PoC (js): var gui = new dat.gui.GUI; var Options = function...