2 matches found
spotify-song-suggestor (=0.0.0), transcend-boilerplate-multipage-react (>=1.0.0 <=1.0.1) +8 more potentially affected by CVE-2021-29486 via cumulative-distribution-function (=1.0.3)
cumulative-distribution-function NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on cumulative-distribution-function and may be impacted: - spotify-song-suggestor =0.0.0 - transcend-boilerplate-multipage-react =1.0.0, =1.0.2, =1.0.1,...
CVE-2021-29486
The CVE concerns the npm library cumulative-distribution-function. A flaw in versions prior to 2.0.0 can cause an infinite-cpu-loop denial of service when the library processes invalid data (notably arrays of strings instead of numbers), impacting node.js servers and browser apps that do not vali...