CVE-2021-29060
Summary
| CVE | CVE-2021-29060 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-06-21 16:15:00 UTC |
|---|
| Updated | 2021-07-01 14:57:00 UTC |
|---|
| Description | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| color-string - npm |
MISC |
www.npmjs.com |
|
| SaveResults/color-string.js at main · yetingli/SaveResults · GitHub |
MISC |
github.com |
|
| PoCs/Color-String.md at main · yetingli/PoCs · GitHub |
MISC |
github.com |
|
| fix ReDos in hwb() parser (low-severity) · Qix-/color-string@0789e21 · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180467 Debian Security Update for node-color-string (CVE-2021-29060)
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 378883 Splunk Enterprise August Third Party Package Updates (SVD-2023-0808)
- 982025 Nodejs (npm) Security Update for color-string (GHSA-257v-vj4p-3w2h)
