OpenSearch-Dashboards icon indicating copy to clipboard operation
OpenSearch-Dashboards copied to clipboard

Published 20 hours ago • verified publisher icon opensearch-project

WS-2022-0322 (Medium) detected in d3-color-1.4.1.tgz

Open mend-for-github-com[bot] opened this issue 3 years ago • 0 comments

WS-2022-0322 - Medium Severity Vulnerability

Vulnerable Library - d3-color-1.4.1.tgz

Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).

Library home page: https://registry.npmjs.org/d3-color/-/d3-color-1.4.1.tgz

Dependency Hierarchy:

  • charts-31.1.0.tgz (Root Library)
    • :x: d3-color-1.4.1.tgz (Vulnerable Library)

Found in HEAD commit: cba076465f44b6a819e3cff7986ff4cd21a66371

Found in base branch: main

Vulnerability Details

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Publish Date: 2022-09-29

URL: WS-2022-0322

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-36jr-mh4h-2g58

Release Date: 2022-09-29

Fix Resolution: d3-color - 3.1.0

mend-for-github-com[bot] avatar Oct 03 '22 06:10 mend-for-github-com[bot]