PT-2025-40041 — Financejs

PT-2025-40041 · Npm · Financejs

Published

2025-09-30

Updated

2025-09-30

CVSS v3.1

7.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.

Fix

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400CWE-834

Related Identifiers

GHSA-F8R4-MF27-RF7M

Affected Products

Financejs

Weakness Enumeration

Related Identifiers

Affected Products

References · 6