Packages

decimal

2.3.0

2.3.0 0.1.0 0.0.2 0.0.1

Arbitrary precision decimal arithmetic.

Security advisory: This version has known vulnerabilities. View advisories

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 4 Versions 0 Dependencies 103 Dependants 1 Advisory Activity

EEF-CVE-2026-32686 CVE-2026-32686 GHSA-rhv4-8758-jx7v

Unbounded exponent in decimal enables unauthenticated DoS

May 07, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.1.0 and < 3.0.0

References

https://github.com/ericmj/decimal/security/advisories/GHSA-rhv4-8758-jx7v
https://cna.erlef.org/cves/CVE-2026-32686.html
https://github.com/ericmj/decimal/commit/6a523f3a73b8c9974540e21c7aa88f1258bb35ae

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

yesterday

last 7 days

all time

1 457 000

Last Updated

Sep 19, 2025

License

Apache-2.0

Build Tools

mix

Publisher

eric

Owners

eric

decimal

Checksum

Dependency Config

Package Details

Links

Owners