Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01cnFnLWptNGYtY3F4N80hSA

Infinite loop causing Denial of Service in colors

colors is a library for including colored text in Node.js consoles. Between 07 and 09 January 2022, colors versions 1.4.1, 1.4.2, and 1.4.44-liberty-2 were published with malicious code that caused a Denial of Service through an infinite loop. Software depending on these versions printed randomized characters to the console and entered an infinite loop, resulting in unbounded system resource consumption.

Users of colors relying on these specific versions should downgrade to version 1.4.0.

Permalink: https://github.com/advisories/GHSA-5rqg-jm4f-cqx7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cnFnLWptNGYtY3F4N80hSA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: over 1 year ago


Identifiers: GHSA-5rqg-jm4f-cqx7
References: Repository: https://github.com/Marak/colors.js
Blast Radius: 0.0

Affected Packages

npm:Colors
Dependent packages: 29,121
Dependent repositories: 535,834
Downloads: 67,719,029 last month
Affected Version Ranges: = 1.4.44-liberty-2, >= 1.4.1, <= 1.4.2
No known fixed version
All affected versions: