AIKIDO-2024-10089

TL;DR

Affected versions of the lightweight-charts package are vulnerable to Regular Expression Denial of Service (ReDoS). The color regex const rgbaRe = /^rgba\(\s*(-?\d{1,10})\s*,\s*(-?\d{1,10})\s*,\s*(-?\d{1,10})\s*,\s*(-?[\d]{0,10}(?:\.\d+)?)\s*\)$/ contains a possible weakness. This vulnerability can be exploited with inputs like 'rgba(0,0,0,' + '\t'.repeat(54773) + '\x00', leading to excessive CPU usage and Denial of Service.