8 matches found
Denial-of-service (DoS)
financejs is vulnerable to Denial-of-service (DoS). The vulnerability is due to improper handling of input in the seekZero parameter, which allows an attacker to trigger excessive computation and cause the application to become unresponsive...
@criticide/maxfest (>=1.0.19 <=1.2.3), @criticide/maxfestvest (=0.1.0) +19 more potentially affected by CVE-2025-56571 +1 more via financejs (>=4.0.0 <=4.1.0)
financejs NPM version =4.0.0, =1.0.19, =1.0.2, =0.0.6, =0.0.1, =1.0.0, =0.0.1, =1.0.1, =1.0.47, =1.0.23, =1.0.32, =0.1.0, =0.9.0 - estiband =0.1.0 - gulp-hotcopy =0.5.6 and more Source cves: CVE-2025-56571, CVE-2025-56572 Source advisory: SNYK:JS-FINANCEJS-13169952...
@criticide/maxfest (>=1.0.19 <=1.2.3), @criticide/maxfestvest (=0.1.0) +19 more potentially affected by CVE-2025-56571 +1 more via financejs (>=4.0.0 <=4.1.0)
financejs NPM version =4.0.0, =1.0.19, =1.0.2, =0.0.6, =0.0.1, =1.0.0, =0.0.1, =1.0.1, =1.0.47, =1.0.23, =1.0.32, =0.1.0, =0.9.0 - estiband =0.1.0 - gulp-hotcopy =0.5.6 and more Source cves: CVE-2025-56571, CVE-2025-56572 Source advisory: OSV:GHSA-F8R4-MF27-RF7M...
Allocation of Resources Without Limits or Throttling
Overview: financejs is a JavaScript library for financial calculations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the seekZero function, which lacks iteration limits. An attacker can cause the application to become unresponsive by...
@criticide/maxfest (>=1.0.19 <=1.2.3), @criticide/maxfestvest (=0.1.0) +19 more potentially affected by CVE-2025-56571 +1 more via financejs (>=4.0.0 <=4.1.0)
financejs NPM version =4.0.0, =1.0.19, =1.0.2, =0.0.6, =0.0.1, =1.0.0, =0.0.1, =1.0.1, =1.0.47, =1.0.23, =1.0.32, =0.1.0, =0.9.0 - estiband =0.1.0 - gulp-hotcopy =0.5.6 and more Source cves: CVE-2025-56571, CVE-2025-56572 Source advisory: SNYK:JS-FINANCEJS-13169918...
@criticide/maxfest (>=1.0.19 <=1.2.3), @criticide/maxfestvest (=0.1.0) +19 more potentially affected by CVE-2025-56571 +1 more via financejs (>=4.0.0 <=4.1.0)
financejs NPM version =4.0.0, =1.0.19, =1.0.2, =0.0.6, =0.0.1, =1.0.0, =0.0.1, =1.0.1, =1.0.47, =1.0.23, =1.0.32, =0.1.0, =0.9.0 - estiband =0.1.0 - gulp-hotcopy =0.5.6 and more Source cves: CVE-2025-56571, CVE-2025-56572 Source advisory: OSV:GHSA-5Q7Q-P8PC-782H...
Allocation of Resources Without Limits or Throttling
Overview: financejs is a JavaScript library for financial calculations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the IRR function's depth parameter. An attacker can cause excessive CPU usage and potentially crash the application...
CVE-2025-56571
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function's depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes...