77 matches found
MetaMask: MetaMask Browser URL and Transaction Origin Spoofing - Metamask wallet Android & Metamask wallet iOS
Vulnerability description not provided...
Malicious Package
Overview metamask-docs-next is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
MetaMask: Bypass parsing of transaction data, users on the phishing site will transfer/approve ERC20 tokens without being alerted
Vulnerability description not provided...
The vulnerability of the “Restore Session” function in Web3 wallets for cryptocurrency MetaMask allows a hacker to gain access to the session restoration password.
The vulnerability of the “Restore Session” function in Web3 wallets for cryptocurrency MetaMask relates to the storage of confidential information in an unencrypted form. Exploiting this vulnerability could allow a attacker to gain access to the session restoration function...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
Design/Logic Flaw
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
CVE-2022-32969
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue...
CVE-2022-32969
MetaMask extension vulnerability CVE-2022-32969: in versions prior to 10.11.3, an input field is used for a BIP39 mnemonic and Firefox/Chromium Restore Session saves such fields to disk, enabling access to the user's secret recovery phrase. Root cause: insecure storage of mnemonic in a UI field t...
MetaMask 安全漏洞
MetaMask is a crypto wallet and gateway for blockchain applications in the MetaMask community. A security vulnerability exists in versions prior to MetaMask 10.11.3, which can be exploited by an attacker to access a user's secret recovery phrase...
Malicious Package
Overview metamask is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview metamask-state-log-explorer is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...
Malicious Package
Overview metamask-docs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in metamask-state-log-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74f2aa6b68c9e177ae4997861edb4ebefa1bcd766ce9db1651ed270d20908eb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4573 Malicious code in metamask-state-log-explorer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74f2aa6b68c9e177ae4997861edb4ebefa1bcd766ce9db1651ed270d20908eb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
magnirepudiandae (>=1.0.0 <=1.2.0), temporibusbeatae (>=1.0.0 <=1.3.1) +2 more potentially affected by unknown CVE via metamask (=0.0.1-security)
metamask NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on metamask and may be impacted: - magnirepudiandae =1.0.0, =1.0.0, =1.1.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:MAL-2022-4571...
MAL-2022-4572 Malicious code in metamask-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61c1b1a606468376d3cb2a636e220c258458fdc1f12980fc4d21644b7f6197b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4571 Malicious code in metamask (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38e2affd092587764a4e9baea51817d4947d956b75e48c710a03cdc29283db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in metamask (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38e2affd092587764a4e9baea51817d4947d956b75e48c710a03cdc29283db5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...