14 matches found
Denial-of-service (DoS)
financejs is vulnerable to denial of service (DoS). The vulnerability is due to improper handling of input in the seekZero parameter, which allows an attacker to trigger excessive computation and cause the application to become unresponsive...
EUVD-2025-31749
Malicious code in bioql PyPI...
CVE-2025-56572
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
Allocation of Resources Without Limits or Throttling
Overview: financejs is a JavaScript library for financial calculations. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the seekZero function, which lacks iteration limits. An attacker can cause the application to become unresponsive by...
Finance.js vulnerable to DoS via the seekZero() parameter
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
GHSA-5Q7Q-P8PC-782H Finance.js vulnerable to DoS via the seekZero() parameter
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
CVE-2025-56572
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
CVE-2025-56572
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
PT-2025-40001
Name of the Vulnerable Software and Affected Versions: finance.js version 4.1.0. Description: An issue allows a remote attacker to cause a denial of service via the seekZero parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-40038
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
Finance.js security vulnerability
Finance.js is a JavaScript library for financial calculations by individual developer Essam B. A security vulnerability exists in Finance.js version 4.1.0, which stems from improper handling of the seekZero parameter and could lead to a denial of service attack...
CVE-2025-56572
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
CVE-2025-56572
An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero parameter...
CVE-2025-56572
CVE-2025-56572 affects finance.js v4.1.0 and describes a Denial of Service via the seekZero() parameter or IRR depth parameter. Root cause is improper handling of recursion/iteration limits, leading to excessive CPU usage and potential application stalls or crashes. Reported in multiple sources (...