CVE-2021-29060: Allocation of Resources Without Limits or Throttling
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in color-string. It is triggered when the application receives and validates a crafted, invalid HWB color string, so untrusted input reaching the HWB parser can consume excessive CPU time.
References
- github.com/Qix-/color-string/commit/0789e21284c33d89ebc4ab4ca6f759b9375ac9d3
- github.com/Qix-/color-string/releases/tag/1.5.5
- github.com/advisories/GHSA-257v-vj4p-3w2h
- github.com/yetingli/PoCs/blob/main/CVE-2021-29060/Color-String.md
- github.com/yetingli/SaveResults/blob/main/js/color-string.js
- nvd.nist.gov/vuln/detail/CVE-2021-29060
- www.npmjs.com/package/color-string
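The following JavaScript is an added example, not code from the color-string project or from the advisory. It shows two defender-side controls for this class of issue: a check of a lock-file resolved version against the 1.5.5 release the references list as carrying the fix, and a regex-free, length-capped HWB validator an application can place in front of untrusted color input so that no ambiguous regular expression ever sees an unbounded string. The accepted grammar, the 64-character cap, and the function names are assumptions chosen for the example.

```javascript
// Added example (not color-string's own code). Two complementary controls:
//   1. needsUpgrade(): flag a resolved dependency version older than the fixed release.
//   2. parseHwb():     linear-time, regex-free HWB validation with a hard length cap.

// Release the advisory references as carrying the fix (assumption: everything below it is affected).
const FIXED_VERSION = '1.5.5';

// Compare a resolved version (from package-lock.json / yarn.lock, not a range) against `fixed`.
// Pre-release suffixes and a leading "v" are tolerated; returns true when `version` is older.
function isBelow(version, fixed) {
  const parts = (v) => v.replace(/^v/, '').split('-')[0].split('.').map(Number);
  const a = parts(version);
  const b = parts(fixed);
  for (let k = 0; k < 3; k++) {
    const x = a[k] || 0;
    const y = b[k] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

function needsUpgrade(installedVersion) {
  return isBelow(installedVersion, FIXED_VERSION);
}

// Assumption: no legitimate hwb() string is anywhere near this long, so the cap costs nothing.
const MAX_COLOR_STRING_LENGTH = 64;

// Accepts "hwb(H, W%, B%)" or "hwb(H, W%, B%, A)", with an optional "deg" suffix on H.
// Returns { h, w, b, a } or null. Every character is visited at most once, so cost is O(n),
// and n itself is bounded by MAX_COLOR_STRING_LENGTH before any work begins.
function parseHwb(input) {
  if (typeof input !== 'string' || input.length > MAX_COLOR_STRING_LENGTH) return null;
  const s = input;
  let i = 0;

  const skipWs = () => { while (i < s.length && (s[i] === ' ' || s[i] === '\t')) i++; };

  // Reads [+-]?digits[.digits] without backtracking; null if no digit was consumed.
  const readNumber = () => {
    const start = i;
    if (s[i] === '+' || s[i] === '-') i++;
    let digits = 0;
    let seenDot = false;
    while (i < s.length) {
      const c = s[i];
      if (c >= '0' && c <= '9') { digits++; i++; }
      else if (c === '.' && !seenDot) { seenDot = true; i++; }
      else break;
    }
    return digits === 0 ? null : Number(s.slice(start, i));
  };

  // Consumes optional whitespace, one expected character, then optional whitespace.
  const expect = (ch) => {
    skipWs();
    if (s[i] !== ch) return false;
    i++;
    skipWs();
    return true;
  };

  skipWs();
  if (!s.startsWith('hwb(', i)) return null;
  i += 4;
  skipWs();

  const h = readNumber();
  if (h === null) return null;
  if (s.startsWith('deg', i)) i += 3;

  if (!expect(',')) return null;
  const w = readNumber();
  if (w === null || s[i] !== '%') return null;
  i++;

  if (!expect(',')) return null;
  const b = readNumber();
  if (b === null || s[i] !== '%') return null;
  i++;
  skipWs();

  let a = 1;
  if (s[i] === ',') {
    i++;
    skipWs();
    a = readNumber();
    if (a === null) return null;
    skipWs();
  }

  if (s[i] !== ')') return null;
  i++;
  skipWs();
  if (i !== s.length) return null; // reject trailing garbage

  if (w < 0 || w > 100 || b < 0 || b > 100 || a < 0 || a > 1) return null;
  return { h: ((h % 360) + 360) % 360, w, b, a };
}
```

The version check belongs in CI against the resolved lock-file version (a range such as `^1.5.4` says nothing about what was actually installed). The validator is the general mitigation for ReDoS at an input boundary: bound the length first, then parse with code whose cost is linear in that length, and only then hand the value to the library.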