3 matches found
`Program<System>` accepts arbitrary executable programs
Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +944 more potentially affected by unknown CVE via borsh (>=0.2.10 <=0.9.3)
borsh CARGO version =0.2.10, =0.19.0, =0.4.1, =0.1.0, =0.1.0, =1.0.5, =0.0.1, =0.0.1, =0.0.0-alpha, =0.0.1, =0.0.1-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0033...
MAL-2022-992 Malicious code in anchor-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ead75f6f1a06885c859de3db6135c335ed8dfe9a9f6b95aa938723e6cf38c80a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...