GMS-2019-52: Denial of Service in rgb2hex

August 23, 2019 (updated August 17, 2021)

All versions of rgb2hex are vulnerable to Regular Expression Denial of Service (ReDoS) when an attacker can pass in a specially crafted invalid color value. Update to or later.

References

github.com/advisories/GHSA-65p8-3hm4-h9h8
github.com/christian-bromann/rgb2hex/blob/v0.1.0/index.js
hackerone.com/reports/319629
nodesecurity.io/advisories/647
snyk.io/vuln/npm:rgb2hex:20180429
www.npmjs.com/advisories/647

Detect and mitigate GMS-2019-52 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →