PT-2022-9414 · Faker.Js +1

Unknown · Published 2022-01-14 · Updated 2024-06-14 · CVE-2021-23567

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: colors, versions after 1.4.0; Faker.js (affected versions not specified)
Description: The vulnerability is a Denial of Service (DoS) caused by an infinite loop introduced into the americanFlag module of the colors package. This appears to be a deliberate act by the maintainer to make the package unusable. The maintainer of Faker.js likewise deliberately removed functional code, rendering that package unusable as well.
Recommendations: For colors versions after 1.4.0, pin the dependency to 1.4.0 as a temporary workaround. For Faker.js, consider using the functional fork available at https://github.com/faker-js/faker as an alternative. At the time of writing there is no information about a newer Faker.js version that contains a fix for this issue.
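As an added illustration of the pinning workaround (example code, not part of this advisory), the following Node.js script scans an npm lockfile for every installed copy of colors newer than 1.4.0, including nested transitive copies that a pin in your own package.json does not reach. The lockfile contents and the `some-cli` dependency are constructed for the example.

```javascript
// Added example, not from the advisory: scan an npm package-lock.json
// (lockfileVersion 2 or 3, where "packages" is keyed by install path) for
// every installed copy of "colors" newer than the 1.4.0 workaround pin.
// Nested copies under a dependency's own node_modules are the ones a pin
// in your package.json does not reach; the npm 8.3+ "overrides" field does.

// Compare dotted versions numerically. A pre-release suffix after "-" is
// ignored, so "1.4.1-foo" still counts as newer than "1.4.0".
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

const PINNED_SAFE = '1.4.0';

// Return [{ path, version }] for each installed "colors" later than 1.4.0.
function findUnpinnedColors(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/colors')) continue;
    if (compareVersions(meta.version, PINNED_SAFE) > 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the direct dependency is pinned to 1.4.0,
// but a hypothetical "some-cli" dependency resolved its own nested copy
// to a later release (1.4.1 here is a constructed sample value).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { colors: '1.4.0', 'some-cli': '^2.0.0' } },
    'node_modules/colors': { version: '1.4.0' },
    'node_modules/some-cli': { version: '2.0.0', dependencies: { colors: '^1.4.0' } },
    'node_modules/some-cli/node_modules/colors': { version: '1.4.1' },
  },
};

for (const hit of findUnpinnedColors(SAMPLE_LOCK)) {
  console.log(`${hit.path} resolves colors ${hit.version}; add "overrides": {"colors": "1.4.0"} to package.json`);
}
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; an empty result means every installed copy is at or below the 1.4.0 pin.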

Exploit

Fix

Infinite Loop


Weakness Enumeration

Related Identifiers

CVE-2021-23567
GHSA-5W9C-RV96-FR7G
GHSA-GH88-3PXP-6FM8
SNYK-JS-COLORS-2331906

Affected Products

Faker.Js
colors