logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2020-7755 dat.gui

Package

Manager: npm
Name: dat.gui
Vulnerable Version: >=0 <=0.7.7

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00554 pctl0.67071

Details

Regular Expression Denial of Service in dat.gui All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.

Metadata

Created: 2021-05-10T18:44:38Z
Modified: 2021-04-21T17:36:43Z
Source: MANUAL
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-chwr-hf3w-c984
Finding: F002
Auto approve: 1