Security advisories

GHSA-36jr-mh4h-2g58

Published

Last updated

https://github.com/advisories/GHSA-36jr-mh4h-2g58

Description

d3-color vulnerable to ReDoS. The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

References

https://github.com/d3/d3-color/pull/100
https://github.com/d3/d3-color
https://github.com/d3/d3-color/releases/tag/v3.1.0
https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore.

Changes to static, git and busybox images

Products

Chainguard Images

Developer

Open source Docs

Resources

Unchained blog Chainguard Labs Customer stories Scanners Security Education

Company

About Newsroom Careers Chainguard love Legal Contact

Twitter GitHub LinkedIn TikTok