Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-40892

Published: 24/06/2022 Updated: 08/08/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Validate Color Project

Vulnerability Summary

A Regular Expression Denial of Service (ReDOS) vulnerability exists in validate-color v2.1.0 when handling crafted invalid rgb(a) strings.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

validate color project validate color 2.1.0

Github Repositories

https://github.com/dreamyguy/validate-color

βœ…πŸŒˆπŸ™Œ Validate HTML colors by 'name', 'special name', 'hex', 'rgb', 'rgba', 'hsl', 'hsla', 'hwb' or 'lab' values

Validate Color βœ…πŸŒˆπŸ™Œ Validate HTML colors by name, special name, hex, rgb, rgba, hsl, hsla, hwb, lab or lch values HTML colors are remarkably easy to get wrong, because they allow for so many different values As I was writing Console Log Plus, I thought it would be great to allow users to pass any HTML color they wanted as one of the parameter to the function But

References

CWE-1333https://github.com/yetingli/SaveResults/blob/main/js/validate-color.jshttps://nvd.nist.govhttps://github.com/dreamyguy/validate-color
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook