18 matches found
EUVD-2022-7549
Malicious code in bioql PyPI...
CVE-2018-25061
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...
Regular Expression Denial Of Service (ReDoS)
rgb2hex is vulnerable to regular expression denial of service ReDoS. The vulnerability exists in the rgb2hex function of index.js due to insufficient regular expression complexity which allows an attacker to cause an application crash...
@akashic/engine-files-reftest (>=3.3.20 <=3.4.1-beta.4), @akumzy/vue-cli-plugin-electron-builder (>=0.0.1 <=0.0.4) +569 more potentially affected by CVE-2018-25061 via rgb2hex (>=0.1.0 <=0.1.10)
rgb2hex NPM version =0.1.0, =3.3.20, =0.0.1, =0.70.1, =3.5.0, =3.4.1-beta.0, =2.4.1, =0.5.9, =0.1.0, =5.0.0-beta.0, =1.0.3, =1.2.3, =1.0.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2018-25061 Source advisory: OSV:GHSA-7599-FQGM-V84P...
GHSA-7599-FQGM-V84P rgb2hex vulnerable to inefficient regular expression complexity
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 can address this issue. The name of...
rgb2hex vulnerable to inefficient regular expression complexity
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 can address this issue. The name of...
CVE-2018-25061
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...
CVE-2018-25061
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...
Design/Logic Flaw
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...
CVE-2018-25061
CVE-2018-25061 affects rgb2hex up to 0.1.5, where an inefficient regular-expression pattern leads to a ReDoS risk. The vulnerability reportedly allows remote initiation and is addressed by upgrading to version 0.1.6. The patch is identified as 9e0c38594432edfa64136fdf7bb651835e17c34f. Multiple so...
CVE-2018-25061 rgb2hex redos
A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The...
rgb2hex 安全漏洞
rgb2hex is a lightweight rgb/rgba-to-hexadecimal parser from the personal developer Christian Bromann. A security vulnerability exists in rgb2hex version 0.1.5 and earlier. An attacker exploited the vulnerability to cause inefficient regular expression complexity...
PT-2022-8071 · Rgb2Hex · Rgb2Hex
Name of the Vulnerable Software and Affected Versions: rgb2hex versions up to 0.1.5 Description: A vulnerability was found in the rgb2hex software, affecting some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely...
@akashic/engine-files-reftest (>=3.3.20 <=3.4.1-beta.4), @akumzy/vue-cli-plugin-electron-builder (>=0.0.1 <=0.0.4) +569 more potentially affected by unknown CVE via rgb2hex (>=0.1.0 <=0.1.10)
rgb2hex NPM version =0.1.0, =3.3.20, =0.0.1, =0.70.1, =3.5.0, =3.4.1-beta.0, =2.4.1, =0.5.9, =0.1.0, =5.0.0-beta.0, =1.0.3, =1.2.3, =1.0.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-65P8-3HM4-H9H8...
Denial of Service in rgb2hex
All versions of rgb2hex are vulnerable to Regular Expression Denial of Service ReDoS when an attacker can pass in a specially crafted invalid color value. Recommendation Update to version 0.1.6 or later...
GHSA-65P8-3HM4-H9H8 Denial of Service in rgb2hex
All versions of rgb2hex are vulnerable to Regular Expression Denial of Service ReDoS when an attacker can pass in a specially crafted invalid color value. Recommendation Update to version 0.1.6 or later...
Denial of Service
Overview All versions of rgb2hex are vulnerable to Regular Expression Denial of Service ReDoS when an attacker can pass in a specially crafted invalid color value. Recommendation Update to version 0.1.6 or later. References - HackerOne Report -...
Node.js third-party modules: `rgb2hex` is vulnerable to ReDoS when parsing crafted invalid colors
I would like to report a ReDoS in rgb2hex. It allows to cause Denial of Service by trying to parse a crafted color string. Module module name: rgb2hex version: 0.1.0 npm page: https://www.npmjs.com/package/rgb2hex Module Description Parse any rgb or rgba string into a hex color. Lightweight...