GHSA-5rqg-jm4f-cqx7: 
JavaScript vulnerability analysis and mitigation

The colors.js library, used for including colored text in node.js consoles, experienced a critical security incident between January 7-9, 2022. Versions 1.4.1, 1.4.2, and 1.4.44-liberty-2 were published containing malicious code that introduced a Denial of Service vulnerability. This incident was tracked as GHSA-5rqg-jm4f-cqx7 and was rated as high severity (GitHub Advisory).

The vulnerability was introduced through malicious code that created an infinite loop in the application. The affected versions (1.4.1, 1.4.2, and 1.4.44-liberty-2) contained code that would execute an infinite loop starting from number 666, causing unbound system resource consumption. The issue was classified as CWE-835 (Loop with Unreachable Exit Condition) (GitHub Advisory).

The malicious code resulted in two primary impacts: the continuous printing of randomized characters to the console and an infinite loop that led to unbound system resource consumption, effectively causing a Denial of Service condition for applications using the affected versions (GitHub Advisory).

Users of the affected versions are advised to downgrade to version 1.4.0, which does not contain the malicious code. No patches were released for the affected versions, making downgrade the only viable mitigation strategy (GitHub Advisory).