Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS)
Vulnerability Description
The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
colors.js 安全漏洞
Vulnerability Description
Colors.js是美国Marak个人开发者的用于在 Node.js 控制台中获取颜色。 colors.js 中存在安全漏洞。攻击者可以通过 AmericanFlag 模块中的无限循环引入拒绝服务 (DoS) 的攻击。
CVSS Information
N/A
Vulnerability Type
N/A