📂 Vulnerable Library - g2-4.2.8.tgz
the Grammar of Graphics in Javascript
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/@antv/g2/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| WS-2022-0322 | 🔴 High | 7.5 | N/A | N/A | d3-color-1.4.1.tgz | Transitive | N/A | ❌ | Unreachable |
Details
🔴WS-2022-0322
Vulnerable Library - d3-color-1.4.1.tgz
Color spaces! RGB, HSL, Cubehelix, Lab and HCL (Lch).
Library home page: https://registry.npmjs.org/d3-color/-/d3-color-1.4.1.tgz
Path to dependency file: /flink-runtime-web/web-dashboard/package.json
Path to vulnerable library: /flink-runtime-web/web-dashboard/node_modules/d3-interpolate/node_modules/d3-color/package.json
Dependency Hierarchy:
- g2-4.2.8.tgz (Root Library)
  - g-base-0.5.11.tgz
    - d3-interpolate-1.4.0.tgz
      - ❌ d3-color-1.4.1.tgz (Vulnerable Library)
Reachability Analysis
The vulnerable code is unreachable
Vulnerability Details
The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.
Publish Date: Oct 29, 2024 04:39 PM
URL: WS-2022-0322
Threat Assessment
Exploit Maturity: N/A
EPSS: N/A
Score: 7.5
Suggested Fix
Type: Upgrade version
Origin: GHSA-36jr-mh4h-2g58
Release Date: Nov 03, 2024 10:01 AM
Fix Resolution: d3-color - 3.1.0