4 matches found
Malicious Package
Overview: web3-utils-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +19 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.2-dev.a2a232f.0 <=4.2.1-dev.9d65c38.0)
web3-utils NPM version =4.0.2-dev.a2a232f.0, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...
PT-2024-18920 · Unknown · Web3-Utils
Name of the Vulnerable Software and Affected Versions: web3-utils versions prior to 4.2.1
Description: The issue concerns Prototype Pollution via the utility functions format and mergeDeep due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to th...
Prototype Pollution
Overview: web3-utils is a collection of utility functions used in web3.js. Affected versions of this package are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading ...