cumulative-distribution-function@1.0.3 vulnerabilities
create empirical cumulative distribution function from array of values
-
latest version
2.1.1
-
latest non vulnerable version
-
first published
8 years ago
-
latest version published
3 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the cumulative-distribution-function package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
cumulative-distribution-function is a create empirical cumulative distribution function from array of values Affected versions of this package are vulnerable to Denial of Service (DoS). In the case of a NodeJS server-app using this library to act on invalid non-numeric data, the NodeJS server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up.
A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type How to fix Denial of Service (DoS)? Upgrade |
<2.0.0
|