GSD-2022-1000007

Source
https://data.gsd.id/GSD-2022-1000007
Import Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000007.json
JSON Data
https://api.osv.dev/v1/vulns/GSD-2022-1000007
Withdrawn
2023-03-14T07:01:09.289034Z
Published
2022-01-09T02:46:05.199689Z
Modified
2023-03-14T07:01:09.289034Z
Summary
colors.js 1.4.1 has an infinite loop added by the primary developer
Details

colors.js had an infinite loop added by the primary developer in version 1.4.1 and 6.6.6 which was released on GitHub and NPM (which reports it as having 3,179 dependent packages that rely upon it). Additionally the GitHub repo was wiped of all files. This appears to have been done intentionally in commit 074a0f8ed0c31c35d13d28632bd8a049ff136fb6. It has since been fixed and colors.js version 1.4.2 has been released and it appears that both GitHub and NPM have locked out the original developer account and reverted the changes. It is reported that GitHub may be reinstating the account (see new URLs). Please note that this issue is directly related to GSD-2022-1000008 and appears to be part of the same incident.

References

Affected packages