Regular Expression Denial Of Service (ReDoS)

2020-10-1406:25:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

dat.gui

redos

interpret.js

denial of service

EPSS

0.001

Percentile

45.7%

JSON

dat.gui is vulnerable to regular expression denial of service. The sub-pattern \s*(.+)\s* in interpret.js and can be exploited to cause a denial of service.

References

github.com/dataarts/dat.gui/blob/v0.7.7/src/dat/color/interpret.js#L60

github.com/dataarts/dat.gui/blob/v0.7.7/src/dat/color/interpret.js#L78

github.com/dataarts/dat.gui/issues/278

github.com/dataarts/dat.gui/pull/279

EPSS

0.001

Percentile

45.7%

JSON

Related for VERACODE:27577