CVE-2018-25061: 
JavaScript vulnerability analysis and mitigation

A vulnerability was found in rgb2hex up to version 0.1.5. The issue affects the regular expression processing functionality, which could lead to inefficient regular expression complexity. The vulnerability was discovered and disclosed on December 31, 2022, and was assigned CVE-2018-25061. The affected component is the rgb2hex package, which is used for color code conversion (NVD, VulDB).

The vulnerability is classified as a Regular Expression Denial of Service (ReDoS) issue, identified as CWE-1333 (Inefficient Regular Expression Complexity). The vulnerability has been rated with a CVSS v3.1 base score of 7.5 (HIGH) according to NVD, and 4.3 (MEDIUM) according to VulDB. The issue stems from the use of a regular expression with potentially exponential worst-case computational complexity that could consume excessive CPU cycles (NVD).

The vulnerability primarily affects the availability of systems using the rgb2hex package. When exploited, it can lead to excessive CPU consumption, potentially causing a denial of service condition. The attack can be initiated remotely, though the actual impact may vary depending on the implementation and usage context (VulDB).

The vulnerability has been fixed in version 0.1.6 of rgb2hex. The patch (9e0c38594432edfa64136fdf7bb651835e17c34f) addresses the issue by implementing a more efficient regular expression pattern. Users are recommended to upgrade to version 0.1.6 or later to mitigate this vulnerability (GitHub Patch, GitHub Release).