CNNVD-202509-1991 Information
CNNVD ID
CNNVD-202509-1991
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
color-convert是Josh Junon个人开发者的一个JavaScript中的颜色转换函数。 color-convert 3.1.1版本存在安全漏洞,该漏洞源于账户被钓鱼攻击后植入恶意代码,可能导致浏览器环境中加密货币交易被重定向。
Description (English)
color-convert is a colour conversion function in JavaScript from Josh Junon’s personal developer. There is a security loophole in version colour-convert 3.1.1, which stems from the implantation of a malicious code after the account has been attacked by fishing, which could lead to a redirection of encrypted currency transactions in the browser environment.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-09-15
Last Modified
2026-02-24
References
https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised https://www.ox.security/blog/npm-packages-compromised https://github.com/Qix-/color-convert/security/advisories/GHSA-pxx3-g568-hxr4 https://github.com/debug-js/debug/issues/1005
Patch
https://github.com/Qix-/color-convert/releases
Share on: