cumulative-distribution-function Infinite Loop vulnerability

Severity:: High

Description

A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like [“1”,”2”,”3”,”4”,”5”] for numeric data [1,2,3,4,5] when it is in fact string data.

Recommendation

Update the cumulative-distribution-function package to the latest compatible version. Followings are version details:

Affected version(s): < 2.0.0
Patched version(s): 2.0.0

References

GHSA-58qp-5328-v7mh
www.npmjs.com
CVE-2021-29486
CWE-20
CWE-835
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Command Injection Vulnerability in systeminformation - CVE-2021-21388
XSS vulnerability allowing arbitrary JavaScript execution - CVE-2021-41174
string-kit Inefficient Regular Expression Complexity vulnerability - CVE-2021-4299
Incorrect sanitisation function leads to `XSS` in mermaid - CVE-2021-43861

Tags:: npm; cumulative-distribution-function

Anything's wrong? Let us know Last updated on January 29, 2023