GMS-2022-4708: d3-color vulnerable to ReDoS

September 29, 2022

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 is vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

References

github.com/advisories/GHSA-36jr-mh4h-2g58
github.com/d3/d3-color/pull/100
github.com/d3/d3-color/releases/tag/v3.1.0
security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592

Detect and mitigate GMS-2022-4708 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →