Description
All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
Remediation
References
https://github.com/dataarts/dat.gui/issues/278
https://snyk.io/vuln/SNYK-JS-DATGUI-1016275
Related Vulnerabilities
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration
CVE-2021-23369 Vulnerability in npm package handlebars
CVE-2022-25758 Vulnerability in npm package scss-tokenizer
CVE-2018-3721 Vulnerability in maven package org.webjars.npm:lodash
CVE-2023-33831 Vulnerability in npm package @frangoteam/fuxa