Описание
Finance.js vulnerable to DoS via the IRR function’s depth parameter
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.
Пакеты
Наименование
financejs
npm
Затронутые версииВерсия исправления
<= 4.1.0
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
4 месяца назад
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.