CNNVD-202509-4459 Information

CNNVD ID

CNNVD-202509-4459

Related CVE

CVE-2025-56572

• CNNVD Published: 2025-09-30

Description (Chinese)

Finance.js是Essam B.个人开发者的一个用于财务计算的JavaScript库。 Finance.js 4.1.0版本存在安全漏洞，该漏洞源于seekZero参数处理不当，可能导致拒绝服务攻击。

Description (English)

Finance.js is a JavaScript library for financial calculations by Essam B. Personal Developer. There is a security gap in version Finance.js 4.1.0, which stems from the mishandling of the SeekZero parameters, which may lead to a denial of service attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-30

Last Modified

2026-02-24

References

http://financejs.com https://github.com/ebradyjobory/finance.js https://medium.com/@nakah_/cve-2025-56571-and-cve-2025-56572-denial-of-service-vulnerabilities-in-finance-js-78f8b399f53b https://raw.githack.com/ebradyjobory/finance.js/6d571ea2a86d08491ceb584e292e9b76b0a60636/finance.js