Severity: moderate

Denial of Service



All versions of rgb2hex are vulnerable to Regular Expression Denial of Service (ReDoS) when an attacker can pass in a specially crafted invalid color value.


Update to version 0.1.6 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    Initial report by Сковорода Никита Андреевич
    May 16th, 2018