Vulnerability Name: CCN-212233

Published: 2021-07-05
Updated: 2021-07-05
Summary: d3-color is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted string that starts with the letter 'A' to the rgb() and hcl() functions, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Consequences: Denial of Service
References:
Source: XF
Type: UNKNOWN
d3color-expression-dos(212233)

Source: CCN
Type: d3-color GIT Repository
avoid backtracking (#100)

Source: CCN
Type: GitHub Web site
WS-2022-0322 (High) detected in d3-color-1.4.1.tgz #2482

Source: CCN
Type: SNYK-JS-D3COLOR-1076592
Regular Expression Denial of Service (ReDoS)

Source: CCN
Type: IBM Security Bulletin 6616293 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6845365 (QRadar WinCollect Agent)
IBM QRadar WinCollect agent is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6856473 (Process Mining)
Vulnerability in d3-color affects IBM Process Mining. WS-2022-0322

Source: CCN
Type: IBM Security Bulletin 6967283 (QRadar User Behavior Analytics)
IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6988637 (InfoSphere Information Server)
IBM InfoSphere Information Server is affected by a vulnerability in d3-color.

Source: CCN
Type: IBM Security Bulletin 6991555 (Edge Application Manager)
Open Source Dependency Vulnerability

Source: CCN
Type: IBM Security Bulletin 6997107 (Engineering Requirements Quality Assistant)
There are multiple vulnerabilities that affect IBM Engineering Requirements Quality Assistant On-Premises

Source: CCN
Type: IBM Security Bulletin 6999327 (Qradar Advisor)
IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7005455 (Spectrum Discover)
IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Source: CCN
Type: Mend Vulnerability Database
WS-2022-0322

Vulnerable Configuration:
Configuration CCN 1:
  • cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_transformation_advisor:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_user_behavior_analytics:1.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable