GHSA-36jr-mh4h-2g58

Опубликовано: 29 сент. 2022

Источник: github

Github: Прошло ревью

Описание

d3-color vulnerable to ReDoS

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Ссылки

https://github.com/d3/d3-color/pull/100
https://github.com/d3/d3-color/releases/tag/v3.1.0
https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592

Пакеты

Наименование

d3-color

npm

Затронутые версииВерсия исправления

< 3.1.0

3.1.0

Дефекты

CWE-400

Дефекты

CWE-400