SCA: security update for rgb2hex (GHSA-7599-fqgm-v84p)

high Tenable Self-Hosted Container Security Plugin ID 411832

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects
some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack
may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The patch is named
9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The
associated identifier of this vulnerability is VDB-217151. (CVE-2018-25061)

See Also

https://github.com/advisories/GHSA-7599-fqgm-v84p

Plugin Details

Severity: High

ID: 411832

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2018-25061

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/31/2022

Vulnerability Publication Date: 12/31/2022

Reference Information

CVE: CVE-2018-25061