EPSS: 0.003 (Low)
Percentile: 70.5%
three is vulnerable to regular expression denial of service. The use of an insecure regex in the setStyle function in color.js allows an attacker to cause excessive consumption of CPU resources, potentially resulting in an application crash.
github.com/mrdoob/three.js/issues/21132
github.com/mrdoob/three.js/pull/21143
github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e