Description
All versions of the package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specially crafted rgb and rgba values.
Remediation
References
https://github.com/dataarts/dat.gui/issues/278
https://snyk.io/vuln/SNYK-JS-DATGUI-1016275