Npm · Cumulative-Distribution-Function · CVE-2021-29486
Name of the Vulnerable Software and Affected Versions:
cumulative-distribution-function versions prior to 2.0.0
Description:
The issue arises when the cumulative-distribution-function library is fed improper data, which can cause the calling application to crash or enter an infinite loop. This affects both Node.js server apps and browser apps that pass invalid, non-numeric data to the library. The result is an infinite CPU loop denial of service if an attacker can supply malformed data to the library. The same condition can also be triggered unintentionally when a data source changes from numeric to string data, since versions before 2.0.0 did not detect the change.
Recommendations:
For versions prior to 2.0.0, upgrade to at least v2.0.0 or the latest version to resolve the issue.
As a temporary workaround for older versions, ensure that only finite numeric data is passed to the library: an `Array[number]` to `cumulative-distribution-function` and a `number` to its `f(x)` function.
Developers using this library may also wish to adjust their application code to tolerate or handle the `TypeError` that version 2.0.0 throws when it receives invalid data.
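The following is an added example, not code from the advisory or from the cumulative-distribution-function package: an input guard that enforces the workaround above (finite numbers only, for both the sample array and the `f(x)` argument) and a wrapper that handles the resulting `TypeError` instead of crashing. `buildEcdf` is a minimal stand-in written for this example so it runs offline; it is not the library's implementation.

```javascript
// Reject anything that is not a non-empty array of finite numbers. A numeric
// string such as "3" (the data-source-changed-to-strings case) fails here,
// as do NaN and Infinity. Returns an ascending-sorted copy.
function assertFiniteSamples(data) {
  if (!Array.isArray(data) || data.length === 0) {
    throw new TypeError('expected a non-empty Array of numbers');
  }
  for (let i = 0; i < data.length; i++) {
    if (typeof data[i] !== 'number' || !Number.isFinite(data[i])) {
      throw new TypeError(`sample at index ${i} is not a finite number: ${JSON.stringify(data[i])}`);
    }
  }
  return data.slice().sort((a, b) => a - b);
}

// Reject a non-finite query point before it reaches f(x).
function assertFiniteNumber(x) {
  if (typeof x !== 'number' || !Number.isFinite(x)) {
    throw new TypeError(`query point is not a finite number: ${JSON.stringify(x)}`);
  }
  return x;
}

// Stand-in empirical CDF (constructed for this example, not the package):
// f(x) returns the fraction of samples that are <= x.
function buildEcdf(data) {
  const sorted = assertFiniteSamples(data);
  return {
    f(x) {
      const q = assertFiniteNumber(x);
      let count = 0;
      while (count < sorted.length && sorted[count] <= q) count++;
      return count / sorted.length;
    },
  };
}

// Application-side wrapper: a TypeError from bad input degrades to an error
// result instead of an unhandled exception; other errors still propagate.
function safeCdf(data, x) {
  try {
    return { ok: true, value: buildEcdf(data).f(x) };
  } catch (err) {
    if (err instanceof TypeError) return { ok: false, error: err.message };
    throw err;
  }
}

// Constructed inputs: clean numeric samples, then a feed where one value
// arrived as a string.
console.log(safeCdf([1, 2, 3, 4], 2.5));      // { ok: true, value: 0.5 }
console.log(safeCdf([1, '2', 3, 4], 2.5));    // { ok: false, error: '...' }
```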