A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.
References
Link | Resource |
---|---|
https://github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3 | Patch Third Party Advisory |
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md | Exploit Patch Third Party Advisory |
https://github.com/yetingli/SaveResults/blob/main/js/color-string.js | Third Party Advisory |
https://www.npmjs.com/package/color-string | Product |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-21T15:45:53
Updated: 2021-06-21T15:45:53
Reserved: 2021-03-22T00:00:00
Link: CVE-2021-29060
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-21T16:15:08.113
Modified: 2021-07-01T14:57:22.333
Link: CVE-2021-29060
JSON object: View
Redhat Information
No data.
CWE