GHSA-36jr-mh4h-2g58

Source

https://github.com/advisories/GHSA-36jr-mh4h-2g58

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-36jr-mh4h-2g58/GHSA-36jr-mh4h-2g58.json

Published

2022-09-29T14:12:55Z

Modified

2022-09-29T14:12:55Z

Details

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

References

https://github.com/d3/d3-color/pull/100
https://github.com/d3/d3-color
https://github.com/d3/d3-color/releases/tag/v3.1.0
https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592

Affected packages

npm / d3-color

Package

Name: d3-color

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.0