18 matches found
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
Exploit for Server-Side Request Forgery in Apeworx Web3.Py
CVE-2026-40072 SSRF Lab: Hands-on local lab to demonstrate CVE...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in offchain_lookup_payload["urls"]. The implementation uses these...
Server-side Request Forgery (SSRF)
Overview: web3 is a Python library for interacting with Ethereum. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CCIP Read process. An attacker can cause the application to make arbitrary HTTP requests to internal or external destinations by...
MAL-2025-190929 Malicious code in @ensdomains/ccip-read-cf-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3f5e0ef4b518b71e371b472de64525c90fa98305becf54d8e15279e4d5d766 The package @ensdomains/ccip-read-cf-worker was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/ccip-read-cf-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3f5e0ef4b518b71e371b472de64525c90fa98305becf54d8e15279e4d5d766 The package @ensdomains/ccip-read-cf-worker was found to contain malicious code. Source: ghsa-malware...
@ensdomains/ccip-read-dns-gateway (=0.1.0), @ensdomains/evm-gateway (>=0.1.0-beta.0 <=0.1.0-beta.4) +1 more potentially affected by unknown CVE via @ensdomains/ccip-read-cf-worker (=0.0.1)
@ensdomains/ccip-read-cf-worker NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ensdomains/ccip-read-cf-worker and may be impacted: - @ensdomains/ccip-read-dns-gateway =0.1.0 - @ensdomains/evm-gateway =0.1.0-beta.0, =0.1.0-beta.2,...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198746
Malicious code in @ensdomains/ccip-read-router npm...
@ensdomains/l1-gateway (=0.0.0-feat-viem.20240822T231724706) potentially affected by unknown CVE via @ensdomains/ccip-read-router (=0.0.5)
@ensdomains/ccip-read-router NPM version =0.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @ensdomains/ccip-read-router and may be impacted: - @ensdomains/l1-gateway =0.0.0-feat-viem.20240822T231724706 Source cves: unknown CVE Source advisory:...
MAL-2025-190724 Malicious code in @ensdomains/ccip-read-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f7c2d429d8a938e077f0a3c6d29aa4d7880c8ceabd54c6d63411a6db8b08bef The package @ensdomains/ccip-read-router was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198796
Malicious code in @ensdomains/ccip-read-dns-gateway npm...
Malicious code in @ensdomains/ccip-read-dns-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddc155befe014da7ce46a7c122655187ecfb495a9af39726b73de5be9ad4f8c The package @ensdomains/ccip-read-dns-gateway was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/ccip-read-worker-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57b104a492d5893772494de67a98f0114e695a8d24e0444d12d0963029fc4b32 The package @ensdomains/ccip-read-worker-viem was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190725 Malicious code in @ensdomains/ccip-read-worker-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57b104a492d5893772494de67a98f0114e695a8d24e0444d12d0963029fc4b32 The package @ensdomains/ccip-read-worker-viem was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198799
Malicious code in @ensdomains/ccip-read-worker-viem npm...