cumulative-distribution-function@1.0.3 vulnerabilities

create empirical cumulative distribution function from array of values

latest version

2.1.1
latest non vulnerable version

2.1.1
first published

8 years ago
latest version published

3 years ago
licenses detected
- MIT
  >=0
View cumulative-distribution-function package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the cumulative-distribution-function package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) cumulative-distribution-function is a create empirical cumulative distribution function from array of values Affected versions of this package are vulnerable to Denial of Service (DoS). In the case of a NodeJS server-app using this library to act on invalid non-numeric data, the NodeJS server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type `number`. How to fix Denial of Service (DoS)? Upgrade `cumulative-distribution-function` to version 2.0.0 or higher.	<2.0.0

Denial of Service (DoS)

cumulative-distribution-function is a create empirical cumulative distribution function from array of values

Affected versions of this package are vulnerable to Denial of Service (DoS). In the case of a NodeJS server-app using this library to act on invalid non-numeric data, the NodeJS server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type number.

How to fix Denial of Service (DoS)?

Upgrade cumulative-distribution-function to version 2.0.0 or higher.

<2.0.0

Go back to all versions of this package

cumulative-distribution-function@1.0.3 vulnerabilities

create empirical cumulative distribution function from array of values

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities