CVE-2018-25061 — rgb2hex vulnerable to inefficient regular expression complexity

描述

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 can address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151.

如何修補 CVE-2018-25061

要修補 CVE-2018-25061,請將受影響套件升級到下列已修補版本。

—升級至 0.1.6 或更新版本

CVE-2018-25061 正在被利用嗎?

低 — EPSS 為 0.5%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, < 0.1.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-25061
PATCHgithub.com/christian-bromann/rgb2hex
WEBgithub.com/christian-bromann/rgb2hex/commit/9e0c38594432edfa64136fdf7bb651835e17c34f
WEBgithub.com/christian-bromann/rgb2hex/releases/tag/v0.1.6