color-string is vulnerable to regular expression denial of service. An attacker passing a maliciously crafted string that consists of more than 5000 characters into the hwb() or hsl() function will cause the system to crash.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | color-string | le | 1.5.4 |
| | node-color-string:sid | eq | 1.5.4-1 |
| | node-color-string:sid | eq | 1.5.3-1 |
| | node-color-string:bullseye | eq | 1.5.3-1 |
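
A defensive sketch based on the description and table above, added here and not part of the advisory or of color-string: it lists npm lockfile entries for color-string at or below 1.5.4 and wraps a parser so over-long strings never reach it. The lockfile contents, the 256-character cap, and the names `findAffected`, `guardParser` and `standInParse` are assumptions.

```javascript
// Added example; not color-string's own code.
const AFFECTED_MAX = '1.5.4';  // advisory table: color-string le 1.5.4
const MAX_COLOR_INPUT = 256;   // assumed cap, far below the 5000 characters in the advisory

// Compare dotted numeric versions; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map((n) => parseInt(n, 10) || 0);
  const pb = b.split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// List color-string installs at or below AFFECTED_MAX in an npm v2/v3 lockfile object.
function findAffected(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path.endsWith('node_modules/color-string') &&
      Boolean(meta.version) && compareVersions(meta.version, AFFECTED_MAX) <= 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Wrap a color parser so non-string or over-long input is rejected before any regex runs.
function guardParser(parse, maxLen = MAX_COLOR_INPUT) {
  return (input) =>
    (typeof input !== 'string' || input.length > maxLen) ? null : parse(input);
}

// Constructed lockfile fragment (not from a real project; dep-a and dep-b are made up).
const sampleLock = {
  packages: {
    '': { version: '1.0.0' },
    'node_modules/color-string': { version: '1.5.4' },
    'node_modules/dep-a/node_modules/color-string': { version: '1.9.1' },
    'node_modules/dep-b/node_modules/color-string': { version: '1.5.3' },
  },
};

// Hypothetical stand-in for the real parser; it only records that it was called.
let parserCalls = 0;
const standInParse = (s) => { parserCalls += 1; return { input: s }; };
const safeParse = guardParser(standInParse);

console.log(findAffected(sampleLock));
console.log(safeParse('hsl(120, 50%, 50%)'), safeParse('x'.repeat(6000)));
```

The length cap limits exposure for code that cannot be upgraded immediately; the lockfile check shows which installs still fall in the affected range.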