CVE-2021-23567 in colorsinformação

Sumário

de MITRE • 14/01/2022

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers&#039; controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsável

Snyk

Reservar

08/01/2021

Divulgação

14/01/2022

Moderação

aceite

Entrada

VDB-190542

CPE

pronto

EPSS

0.01733

KEV

não

Atividades

muito baixo

Fontes

Want to know what is going to be exploited?

We predict KEV entries!