Lucene search
+L

6 matches found

vulnersOsv
vulnersOsv
added 2022/03/22 7:28 p.m.5 views

116zm_atm (=1.0.0), 11_mybank (=1.0.0) +607 more potentially affected by CVE-2021-23567 via faker (=6.6.6)

faker NPM version =6.6.6 is affected by a known vulnerability. The following packages have a transitive dependency on faker and may be impacted: - 116zmatm =1.0.0 - 11mybank =1.0.0 - @acceleratxr/react-shared =1.1.0, =0.1.0, =1.0.0, =1.2.1, =1.1.0, =1.3.0, =1.0.0, =1.1.0, =1.2.0, =1.1.0, =1.2.0,...

7.5CVSS7AI score0.01733EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/03/22 7:28 p.m.128 views

Removal of functional code in faker.js

Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...

7.5CVSS3.1AI score0.01733EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2022/03/22 7:28 p.m.27 views

GHSA-5W9C-RV96-FR7G Removal of functional code in faker.js

Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...

7.5CVSS5.9AI score0.01733EPSS
Exploits1References9
Cvelist
Cvelist
added 2022/01/14 8:5 p.m.28 views

CVE-2021-23567 Denial of Service (DoS)

The package colors after 1.4.0 are vulnerable to Denial of Service DoS that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over thi...

7.5CVSS7.8AI score0.01733EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/01/14 8:5 p.m.20 views

CVE-2021-23567

The package colors after 1.4.0 are vulnerable to Denial of Service DoS that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over thi...

7.5CVSS7.6AI score0.01733EPSS
Exploits1
CVE
CVE
added 2022/01/14 8:5 p.m.79 views

CVE-2021-23567

CVE-2021-23567 affects the colors.js package (colors) after version 1.4.0 due to an infinite loop in the americanFlag module, enabling a Denial of Service condition. Multiple sources (NVD, OSV, GHSA) describe the vulnerable code path and attribute it to a deliberate change by a maintainer. IBM bu...

7.5CVSS7.5AI score0.01733EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder