Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-30543
HistoryApr 17, 2023 - 10:15 p.m.

CVE-2023-30543

2023-04-1722:15:10
CWE-362
[email protected]
web.nvd.nist.gov
16
2
web3-react
ethereum apps
cve-2023-30543
security
outdated chainid
data derivation

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React() may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application derives a wrapped token contract address from the chainId and a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.

Affected configurations

Vulners
NVD
Node
uniswapweb3-react_eip1193Range<8.0.35-beta.0
OR
uniswapweb3-react_eip1193Range<8.0.27-beta.0
OR
uniswapweb3-react_eip1193Range<8.0.30-beta.0
OR
uniswapweb3-react_eip1193Range<8.0.37-beta.0
VendorProductVersionCPE
uniswapweb3\-react_eip1193*cpe:2.3:a:uniswap:web3\-react_eip1193:*:*:*:*:*:*:*:*
uniswapweb3\-react_eip1193*cpe:2.3:a:uniswap:web3\-react_eip1193:*:*:*:*:*:*:*:*
uniswapweb3\-react_eip1193*cpe:2.3:a:uniswap:web3\-react_eip1193:*:*:*:*:*:*:*:*
uniswapweb3\-react_eip1193*cpe:2.3:a:uniswap:web3\-react_eip1193:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Uniswap",
    "product": "web3-react",
    "versions": [
      {
        "version": "@web3-react/coinbase-wallet: >= 6, < 8.0.35-beta.0",
        "status": "affected"
      },
      {
        "version": "@web3-react/eip1193: >= 6, < 8.0.27-beta.0",
        "status": "affected"
      },
      {
        "version": "@web3-react/metamask: >= 6, < 8.0.30-beta.0",
        "status": "affected"
      },
      {
        "version": "@web3-react/walletconnect: >= 6, < 8.0.37-beta.0",
        "status": "affected"
      }
    ]
  }
]

Social References

More

Related

osv 2
cvelist 1
prion 1
github 1
nvd 1
veracode 1
osv
osv
CVE-2023-30543
2023-04-17 22:15:10
`chainId` may be outdated if user changes chains as part of connection in @web3-react
2023-04-18 22:29:53
cvelist
cvelist
CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react
2023-04-17 21:02:20
prion
prion
Design/Logic Flaw
2023-04-17 22:15:00
github
github
`chainId` may be outdated if user changes chains as part of connection in @web3-react
2023-04-18 22:29:53
nvd
nvd
CVE-2023-30543
2023-04-17 22:15:10
veracode
veracode
Race Condition
2023-04-21 08:09:38

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON
Related for CVE-2023-30543
osv2cvelist1prion1github1nvd1veracode1