CNNVD-202509-1978 Information

Sep 15, 2025 cve

CNNVD ID

CNNVD-202509-1978

CVE-2025-59145

CNNVD Published: 2025-09-15

Description (Chinese)

color-name是color.js开源的一个JavaScript库。 color-name 2.0.1版本存在安全漏洞，该漏洞源于钓鱼攻击导致账户被接管，可能重定向加密货币交易。

Description (English)

color-name is a JavaScript library from the open source of color.js. colour-name version 2.0.1 contains a security loophole, which results from fishing attacks that lead to the taking over of accounts and the possible redirection of encrypted currency transactions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

color.js

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/colorjs/color-name/security/advisories/GHSA-5fvm-p68v-5wmh https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised https://www.ox.security/blog/npm-packages-compromised https://github.com/debug-js/debug/issues/1005 https://access.redhat.com/security/cve/cve-2025-59145

Share on: