6 matches found
Regular Expression Denial of Service
Overview All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values. Recommendation Avoid using dat.gui as there is no current safe version of this module References - CVE - GitHub Advisory...
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: OSV:GHSA-CHWR-HF3W-C984...
CVE-2020-7755
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values...
CVE-2020-7755 Regular Expression Denial of Service (ReDoS)
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service ReDoS via specifically crafted rgb and rgba values...
CVE-2020-7755
CVE-2020-7755 affects the JavaScript package dat.gui. All versions are vulnerable to a Regular Expression Denial of Service (ReDoS) triggered by specially crafted rgb/rgba values, due to a problematic regex pattern (e.g., in interpret.js per Veracode reference). Impact is potential DoS; exploitat...
@cycle-robot-drivers/run (>=0.0.0 <=1.0.27), @wannaby/wanna-model-viewer (>=0.0.1 <=0.0.10) +17 more potentially affected by CVE-2020-7755 via dat.gui (>=0.6.5 <=0.7.7)
dat.gui NPM version =0.6.5, =0.0.0, =0.0.1, =1.0.0, =3.0.0, =0.0.0, =0.0.0, =1.0.0, =0.6.0, =0.1.0, =0.3.2, =2.0.0, =0.0.7, =0.0.0, =0.0.7 and more Source cves: CVE-2020-7755 Source advisory: SNYK:JS-DATGUI-1016275...