decimal
Ecosystem:
hex
hex
Package URL:
pkg:hex/decimal
Total PRs:
2 Dependabot PRs
2 Dependabot PRs
Latest PR:
15 days ago
15 days ago
Unique Repositories:
2 repositories
2 repositories
Unique Repos (30 days):
1 repository
1 repository
Security Advisories
Unbounded exponent in decimal enables unauthenticated DoS
EEF-CVE-2026-32686
GHSA-rhv4-8758-jx7v
CVE-2026-32686
MEDIUM
published about 1 month ago
• updated about 7 hours ago
## Summary
Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service.
The decimal library...
Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS
GHSA-rhv4-8758-jx7v
CVE-2026-32686
MODERATE
published about 1 month ago
• updated 21 days ago
Summary
`decimal` doesn't bound the exponent on parsed input, so something like `"1e10000000"` is parsed fine but then explodes the memory to more ...
Recent PRs
Bump decimal from 2.3.0 to 2.4.1
makewalletfirst/EtherEver-BlockScout8 #14
2.3.0 → 2.4.1
Minor PR
Closed
15 days ago
1 comment
chore(deps): bump decimal from 2.1.1 to 2.3.0
weimeme/rikdruk-blockscout #19
2.1.1 → 2.3.0
Minor PR
Open
11 months ago
Package Details
| Name: | decimal |
| Ecosystem: | hex |
| PURL Type: | hex |
| Package URL: | pkg:hex/decimal |
| JSON API: | View JSON |
Security Advisories
Package Information
Description:
Arbitrary precision decimal arithmetic.
| Repository: | https://github.com/ericmj/decimal |
| Latest Release: |
2.3.0
over 1 year ago |
| Dependent Repos: | 12,007 |
| Dependent Packages: | 200 |
| Downloads: | 142,654,966 |
| Ranking: | Top 0.0963% by dependent repos Top 0.0835% by downloads Top 0.1477% by dependent pkgs |
PR Types
Minor
2 (100.0%)