cumulative-distribution-function@1.0.0 vulnerabilities

create empirical cumulative distribution function from array of values

latest version

2.1.1

latest non vulnerable version

2.1.1

first published

8 years ago

latest version published

3 years ago

licenses detected

MIT
>=0

View cumulative-distribution-function package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the cumulative-distribution-function package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Denial of Service (DoS) cumulative-distribution-function is a create empirical cumulative distribution function from array of values Affected versions of this package are vulnerable to Denial of Service (DoS). In the case of a NodeJS server-app using this library to act on invalid non-numeric data, the NodeJS server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type `number`. How to fix Denial of Service (DoS)? Upgrade `cumulative-distribution-function` to version 2.0.0 or higher.	<2.0.0

Denial of Service (DoS)

cumulative-distribution-function is a create empirical cumulative distribution function from array of values

Affected versions of this package are vulnerable to Denial of Service (DoS). In the case of a NodeJS server-app using this library to act on invalid non-numeric data, the NodeJS server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type number.

How to fix Denial of Service (DoS)?

Upgrade cumulative-distribution-function to version 2.0.0 or higher.

<2.0.0

Go back to all versions of this package