CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-G99M-3M46-4GM9
Vulnerability from github – Published: 2019-05-14 04:00 – Updated: 2021-08-03 21:31Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.sanselan:sanselan"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.97-incubator"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17202"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2019-05-09T15:07:18Z",
"nvd_published_at": "2019-05-06T18:29:00Z",
"severity": "HIGH"
},
"details": "Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging.",
"id": "GHSA-g99m-3m46-4gm9",
"modified": "2021-08-03T21:31:13Z",
"published": "2019-05-14T04:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17202"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa@%3Cdev.commons.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in Apache Sanselan"
}
GHSA-G9GF-WJCV-FPQ5
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
{
"affected": [],
"aliases": [
"CVE-2017-18238"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-15T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.",
"id": "GHSA-g9gf-wjcv-fpq5",
"modified": "2022-05-13T01:44:38Z",
"published": "2022-05-13T01:44:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18238"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2048"
},
{
"type": "WEB",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=102483"
},
{
"type": "WEB",
"url": "https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00013.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3668-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9XF-7F8Q-9MCJ
Vulnerability from github – Published: 2026-07-09 21:09 – Updated: 2026-07-09 21:09Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.
Patches
This has been fixed in pypdf==6.13.1.
Workarounds
If users cannot upgrade yet, consider applying the changes from PR #3839.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pypdf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54651"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-09T21:09:53Z",
"nvd_published_at": "2026-06-22T21:16:25Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.\n\n### Patches\n\nThis has been fixed in [pypdf==6.13.1](https://github.com/py-pdf/pypdf/releases/tag/6.13.1).\n\n### Workarounds\n\nIf users cannot upgrade yet, consider applying the changes from PR [#3839](https://github.com/py-pdf/pypdf/pull/3839).",
"id": "GHSA-g9xf-7f8q-9mcj",
"modified": "2026-07-09T21:09:53Z",
"published": "2026-07-09T21:09:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-g9xf-7f8q-9mcj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54651"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/pull/3839"
},
{
"type": "PACKAGE",
"url": "https://github.com/py-pdf/pypdf"
},
{
"type": "WEB",
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pypdf: Possible infinite loop when processing threads/articles in writer"
}
GHSA-GFH2-7JG5-653P
Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2021-05-20 16:29docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/appc/docker2aci"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-8579"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-20T16:29:42Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "docker2aci \u003c= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.",
"id": "GHSA-gfh2-7jg5-653p",
"modified": "2021-05-20T16:29:42Z",
"published": "2022-02-15T01:57:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8579"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/issues/203"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/pull/204/commits/54331ec7020e102935c31096f336d31f6400064f"
},
{
"type": "WEB",
"url": "https://github.com/appc/docker2aci/releases/tag/v0.13.0"
},
{
"type": "WEB",
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8579"
},
{
"type": "WEB",
"url": "https://www.securityfocus.com/bid/93560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Denial of Service in docker2aci"
}
GHSA-GFVH-R99J-X28P
Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).
{
"affected": [],
"aliases": [
"CVE-2020-9307"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-11T21:15:00Z",
"severity": "MODERATE"
},
"details": "Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).",
"id": "GHSA-gfvh-r99j-x28p",
"modified": "2022-05-24T17:41:54Z",
"published": "2022-05-24T17:41:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9307"
},
{
"type": "WEB",
"url": "https://www.belden.com/dfsmedia/f1e38517e0cd4caa8b1acb6619890f5e/12276-source/options/view"
},
{
"type": "WEB",
"url": "https://www.belden.com/security"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GFVQ-MXW3-MFQ3
Vulnerability from github – Published: 2023-10-03 06:30 – Updated: 2023-10-04 19:34Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "asyncua"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.96"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26151"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-04T14:19:07Z",
"nvd_published_at": "2023-10-03T05:15:50Z",
"severity": "HIGH"
},
"details": "Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.",
"id": "GHSA-gfvq-mxw3-mfq3",
"modified": "2023-10-04T19:34:19Z",
"published": "2023-10-03T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26151"
},
{
"type": "WEB",
"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013"
},
{
"type": "WEB",
"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039"
},
{
"type": "WEB",
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262"
},
{
"type": "WEB",
"url": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8"
},
{
"type": "PACKAGE",
"url": "https://github.com/FreeOpcUa/opcua-asyncio"
},
{
"type": "WEB",
"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/asyncua/PYSEC-2023-190.yaml"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "asyncua vulnerable to denial of service via infinite loop"
}
GHSA-GGGQ-J347-R3W6
Vulnerability from github – Published: 2025-03-27 15:31 – Updated: 2025-11-03 21:33In the Linux kernel, the following vulnerability has been resolved:
tee: optee: Fix supplicant wait loop
OP-TEE supplicant is a user-space daemon and it's possible for it be hung or crashed or killed in the middle of processing an OP-TEE RPC call. It becomes more complicated when there is incorrect shutdown ordering of the supplicant process vs the OP-TEE client application which can eventually lead to system hang-up waiting for the closure of the client application.
Allow the client process waiting in kernel for supplicant response to be killed rather than indefinitely waiting in an unkillable state. Also, a normal uninterruptible wait should not have resulted in the hung-task watchdog getting triggered, but the endless loop would.
This fixes issues observed during system reboot/shutdown when supplicant got hung for some reason or gets crashed/killed which lead to client getting hung in an unkillable state. It in turn lead to system being in hung up state requiring hard power off/on to recover.
{
"affected": [],
"aliases": [
"CVE-2025-21871"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T14:15:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix supplicant wait loop\n\nOP-TEE supplicant is a user-space daemon and it\u0027s possible for it\nbe hung or crashed or killed in the middle of processing an OP-TEE\nRPC call. It becomes more complicated when there is incorrect shutdown\nordering of the supplicant process vs the OP-TEE client application which\ncan eventually lead to system hang-up waiting for the closure of the\nclient application.\n\nAllow the client process waiting in kernel for supplicant response to\nbe killed rather than indefinitely waiting in an unkillable state. Also,\na normal uninterruptible wait should not have resulted in the hung-task\nwatchdog getting triggered, but the endless loop would.\n\nThis fixes issues observed during system reboot/shutdown when supplicant\ngot hung for some reason or gets crashed/killed which lead to client\ngetting hung in an unkillable state. It in turn lead to system being in\nhung up state requiring hard power off/on to recover.",
"id": "GHSA-gggq-j347-r3w6",
"modified": "2025-11-03T21:33:13Z",
"published": "2025-03-27T15:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21871"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0180cf0373f84fff61b16f8c062553a13dd7cfca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/21234efe2a8474a6d2d01ea9573319de7858ce44"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3eb4911364c764572e9db4ab900a57689a54e8ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/70b0d6b0a199c5a3ee6c72f5e61681ed6f759612"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c0a9a948159153be145f9471435695373904ee6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d61cc1a435e6894bfb0dd3370c6f765d2d12825d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec18520f5edc20a00c34a8c9fdd6507c355e880f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fd9d2d6124c293e40797a080adf8a9c237efd8b8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH28-WW79-7H4V
Vulnerability from github – Published: 2026-05-12 00:31 – Updated: 2026-05-12 00:31barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.
{
"affected": [],
"aliases": [
"CVE-2026-34962"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T23:19:47Z",
"severity": "MODERATE"
},
"details": "barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely.",
"id": "GHSA-gh28-ww79-7h4v",
"modified": "2026-05-12T00:31:15Z",
"published": "2026-05-12T00:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34962"
},
{
"type": "WEB",
"url": "https://github.com/barebox/barebox"
},
{
"type": "WEB",
"url": "https://github.com/barebox/barebox/releases/tag/v2026.04.0"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/barebox-ext4-directory-parsing-infinite-loop-denial-of-service"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GH4V-V2HH-G9M6
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-06 15:30This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.
{
"affected": [],
"aliases": [
"CVE-2022-37013"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.",
"id": "GHSA-gh4v-v2hh-g9m6",
"modified": "2023-04-06T15:30:18Z",
"published": "2023-03-29T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37013"
},
{
"type": "WEB",
"url": "https://documentation.unified-automation.com/uasdkcpp/1.7.7/CHANGELOG.txt"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1029"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH88-3PXP-6FM8
Vulnerability from github – Published: 2022-01-21 23:39 – Updated: 2022-01-21 21:04The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i < Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "colors"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23567"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-21T21:04:45Z",
"nvd_published_at": "2022-01-14T20:15:00Z",
"severity": "HIGH"
},
"details": "The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable, other maintainers\u0027 controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable Code js for (let i = 666; i \u003c Infinity; i++;) { Alternative Remediation Suggested * Pin dependancy to 1.4.0",
"id": "GHSA-gh88-3pxp-6fm8",
"modified": "2022-01-21T21:04:45Z",
"published": "2022-01-21T23:39:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23567"
},
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/issues/285"
},
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/issues/285%23issuecomment-1008212640"
},
{
"type": "WEB",
"url": "https://github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6%23diff-92bbac9a308cd5fcf9db165841f2d90ce981baddcb2b1e26cfff170929af3bd1R18"
},
{
"type": "PACKAGE",
"url": "https://github.com/Marak/colors.js"
},
{
"type": "WEB",
"url": "https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-COLORS-2331906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Infinite Loop in colors.js"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.