CVE-2021-23567 in colors정보

요약

\~에 의해 MITRE • 2022. 01. 14.

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers&#039; controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

책임이 있는

Snyk

예약하다

2021. 01. 08.

모더레이션

수락

항목

VDB-190542

EPSS

0.01733

출처

Might our Artificial Intelligence support you?

Check our Alexa App!