
7 matches found

OSSF Malicious Packages
added 2026/05/22 6:12 a.m., 7 views

Malicious code in @onerjs/procedural-textures (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0986739ab06b1514203d94938604b093b9ddfa2126a452ae0cc92795123a153a Package is published as @onerjs/procedural-textures but its metadata identifies it as the Babylon.js Procedural Textures Library: package.json declar...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2025/12/15 7:37 p.m., 1 view

GO-2025-4211 Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon...

6.9 AI score
Exploits: 0, References: 2
OSV
added 2025/12/08 10:20 p.m., 2 views

GHSA-M6WQ-66P2-C8PC Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers

Summary A vulnerability exists in Babylon’s BLS vote extension processing where a malicious active validator can submit a VoteExtension with the blockhash field omitted from the protobuf serialization. Because protobuf fields are optional, unmarshalling succeeds but leaves BlockHash as nil. Babyl...

8.7 CVSS, 7.1 AI score
Exploits: 0, References: 3
OSV
added 2025/11/25 6:12 p.m., 0 views

GO-2025-4159 Babylon's BIP322 signature implementation is not fully compliant to the spec in github.com/babylonlabs-io/babylon

Babylon's BIP322 signature implementation is not fully compliant to the spec in github.com/babylonlabs-io/babylon...

6.8 AI score
Exploits: 0, References: 3
OSV
added 2025/11/25 6:12 p.m., 1 view

GO-2025-4157 Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon

Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon...

6.9 AI score
Exploits: 0, References: 3
Snyk
added 2025/11/24 11:34 p.m., 2 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9 CVSS, 6.8 AI score
Exploits: 0, References: 2
Snyk
added 2025/11/24 11:34 p.m., 1 view

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper enforcement of the SIGHASH value in the signature verification process. An attacker can submit non-compliant signatures that are incorrectly accepted as valid by providing...

6.9 CVSS, 6.8 AI score
Exploits: 0, References: 2