Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dat.gui by dat.gui_project

    CVE-2020-7755 (GCVE-0-2020-7755)

    Vulnerability from nvd – Published: 2020-10-27 17:45 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Regular Expression Denial of Service (ReDoS)
    Summary
    All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
    CWE
    • Regular Expression Denial of Service (ReDoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a dat.gui Affected: 0 , < unspecified (custom)
    Date Public
    2020-10-27 00:00
    Credits
    Yeting Li
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dataarts/dat.gui/issues/278"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dat.gui",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yeting Li"
            }
          ],
          "datePublic": "2020-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "UNAVAILABLE",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.1,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular Expression Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-27T17:45:14.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataarts/dat.gui/issues/278"
            }
          ],
          "title": "Regular Expression Denial of Service (ReDoS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2020-10-27T17:41:55.314721Z",
              "ID": "CVE-2020-7755",
              "STATE": "PUBLIC",
              "TITLE": "Regular Expression Denial of Service (ReDoS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dat.gui",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yeting Li"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regular Expression Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
                },
                {
                  "name": "https://github.com/dataarts/dat.gui/issues/278",
                  "refsource": "MISC",
                  "url": "https://github.com/dataarts/dat.gui/issues/278"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7755",
        "datePublished": "2020-10-27T17:45:14.470Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:01.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7755 (GCVE-0-2020-7755)

    Vulnerability from cvelistv5 – Published: 2020-10-27 17:45 – Updated: 2024-09-17 00:11
    VLAI
    Title
    Regular Expression Denial of Service (ReDoS)
    Summary
    All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values.
    CWE
    • Regular Expression Denial of Service (ReDoS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a dat.gui Affected: 0 , < unspecified (custom)
    Date Public
    2020-10-27 00:00
    Credits
    Yeting Li
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.503Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/dataarts/dat.gui/issues/278"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dat.gui",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yeting Li"
            }
          ],
          "datePublic": "2020-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "UNAVAILABLE",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 7.1,
                "temporalSeverity": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular Expression Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-27T17:45:14.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataarts/dat.gui/issues/278"
            }
          ],
          "title": "Regular Expression Denial of Service (ReDoS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2020-10-27T17:41:55.314721Z",
              "ID": "CVE-2020-7755",
              "STATE": "PUBLIC",
              "TITLE": "Regular Expression Denial of Service (ReDoS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dat.gui",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yeting Li"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regular Expression Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-DATGUI-1016275"
                },
                {
                  "name": "https://github.com/dataarts/dat.gui/issues/278",
                  "refsource": "MISC",
                  "url": "https://github.com/dataarts/dat.gui/issues/278"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7755",
        "datePublished": "2020-10-27T17:45:14.470Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:11:01.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }