Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyM20tbWhmbS0zOWNt
Incorrect Calculation in bigint-money
Versions of bigint-money prior to 0.6.2 are vulnerable to an Incorrect Calculation. The package incorrectly rounded certain numbers, which could have drastic consequences due to its usage in financial systems.
Recommendation
Upgrade to version 0.6.2 or later.
Permalink: https://github.com/advisories/GHSA-9r3m-mhfm-39cmJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyM20tbWhmbS0zOWNt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-9r3m-mhfm-39cm
References: Blast Radius: 0.0
Affected Packages
npm:bigint-money
Dependent packages: 3Dependent repositories: 5
Downloads: 6,145 last month
Affected Version Ranges: < 0.6.2
Fixed in: 0.6.2
All affected versions: 0.0.1, 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.6.1
All unaffected versions: 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.8.2, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 2.0.0