Finance.js Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Finance.js version 4.1.0. The issue is in the seekZero() helper, which searches for the input at which a supplied function evaluates to zero. The search loop has no iteration limit, so a function that never satisfies the loop's exit condition makes the call spin forever. Because the loop is synchronous, it pins a CPU core and blocks the calling thread, in both browser and Node.js environments.

Impact

An attacker who can control the function or values that seekZero() evaluates can make the call never return. The affected thread runs at 100% CPU; in Node.js the single-threaded event loop is blocked, so the process stops serving every other request, and in a browser the page becomes unresponsive. The result is an application that stalls or is killed as unresponsive.

Reproduction

The vulnerability can be reproduced by calling seekZero() with a function that never satisfies the loop's exit condition, for example one that always returns a positive value. The search never finds a zero crossing, so the loop iterates without bound: the call never returns, CPU usage on that thread goes to 100%, and the application stalls or crashes.
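To make the trigger concrete, here is an added example that is neither Finance.js's own source nor code from this advisory: a seekZero() modeled on the shape the advisory describes, an unbounded linear search for a sign change, next to a bounded variant that throws once an evaluation budget is exhausted. The function names seekZeroUnbounded, seekZeroBounded, makeNpv and probe, the evaluation budget, the step sizes and the sample cash flows are all assumptions made for this example; the real library's loop shape may differ.

```javascript
// Added example (not Finance.js's own source): the unbounded sign-change search
// this advisory describes, next to a bounded version. The loop shape, step
// sizes and names below are assumptions made for illustration.

// Vulnerable shape: walk x upward while fn(x) is positive, then step back down
// while it is negative. Nothing limits either loop, so a callback that never
// crosses zero spins forever and pins the thread.
function seekZeroUnbounded(fn) {
  let x = 1;
  while (fn(x) > 0) x += 1;     // never exits if fn is always positive
  while (fn(x) < 0) x -= 0.01;  // never exits if fn is always negative (assumed shape)
  return x + 0.01;
}

// Hardened shape: the same search, but every evaluation of fn counts against a
// budget and the loop fails fast with an exception instead of hanging.
function seekZeroBounded(fn, maxEvaluations = 10000) {
  let evaluations = 0;
  const evaluate = (x) => {
    if (++evaluations > maxEvaluations) {
      throw new RangeError(`seekZero: no sign change within ${maxEvaluations} evaluations`);
    }
    return fn(x);
  };
  let x = 1;
  while (evaluate(x) > 0) x += 1;
  while (evaluate(x) < 0) x -= 0.01;
  return x + 0.01;
}

// Hypothetical NPV callback of the kind such a search is normally given:
// rate is a percentage, cashFlows[0] is the initial (negative) outlay.
function makeNpv(cashFlows) {
  return (rate) => {
    const r = 1 + rate / 100;
    return cashFlows.reduce((acc, cf, i) => acc + cf / Math.pow(r, i), 0);
  };
}

// Well-formed input (constructed sample): -1000 now, +500 and +600 in years 1
// and 2. The true IRR is about 6.39%, so the search crosses zero and returns.
function irrOfSample() {
  return Math.round(seekZeroBounded(makeNpv([-1000, 500, 600])) * 100) / 100;
}

// Run the bounded search on an arbitrary callback and report whether it
// returned or hit the evaluation budget. The advisory's trigger, a callback
// that is always positive, lands in the "bounded" branch here; the unbounded
// version would never return from the same input.
function probe(fn, maxEvaluations = 1000) {
  try {
    return { outcome: "returned", value: seekZeroBounded(fn, maxEvaluations) };
  } catch (e) {
    if (e instanceof RangeError) return { outcome: "bounded", value: null };
    throw e;
  }
}

// Stand-alone demo. seekZeroUnbounded is deliberately not called with the
// always-positive callback: that call would hang this process.
console.log(irrOfSample());               // 6.4
console.log(probe(() => 1).outcome);      // "bounded"
console.log(probe(() => -1).outcome);     // "bounded"
```

Do not feed the unbounded variant the always-positive callback outside a sandbox: the process hangs with no error to catch. The fix pattern is the one in seekZeroBounded: count evaluations and fail fast with an exception the caller can handle, rather than assuming the input converges. On well-formed input both variants compute the same result, so the cap costs nothing in the normal case.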

Added: Sep 30, 2025, 4:21 PM
Updated: Sep 30, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.4
remediation     0.0
relevance       0.6
threat          4.8
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.