GMS-2022-10: Loop with Unreachable Exit Condition ('Infinite Loop')

January 10, 2022

colors is a library for including colored text in node.js consoles. Between January, colors were published including malicious code that caused a Denial of Service due to an infinite loop. Software dependent on these versions experienced the printing of randomized characters to console and an infinite loop resulting in unbound system resource consumption.

References

github.com/Marak/colors.js/commit/137c6dae3339e97f4bbc838c221803c363b0a9fd
github.com/Marak/colors.js/commit/5d2d242f656103ac38086d6b26433a09f1c38c75
github.com/Marak/colors.js/commit/6bc50e79eeaa1d87369bb3e7e608ebed18c5cf26
github.com/advisories/GHSA-5rqg-jm4f-cqx7

Code Behaviors & Features

Detect and mitigate GMS-2022-10 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →