16 matches found
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in `offchain_lookup_payload["urls"]`. The implementation uses these...
Exploit for Server-Side Request Forgery in Apeworx Web3.Py
CVE-2026-40072 SSRF Lab: Hands-on local lab to demonstrate CVE...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in `offchain_lookup_payload["urls"]`. The implementation uses these...
CVE-2026-40072
web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read / OffchainLookup (EIP-3668) by performing HTTP requests to URLs supplied by smart contracts in `offchain_lookup_payload["urls"]`. The implementation uses these...
Server-side Request Forgery (SSRF)
Overview: web3 is a Python library for interacting with Ethereum. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CCIP Read process. An attacker can cause the application to make arbitrary HTTP requests to internal or external destinations by...
Malicious code in @ensdomains/ccip-read-cf-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3f5e0ef4b518b71e371b472de64525c90fa98305becf54d8e15279e4d5d766 The package @ensdomains/ccip-read-cf-worker was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190929 Malicious code in @ensdomains/ccip-read-cf-worker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd3f5e0ef4b518b71e371b472de64525c90fa98305becf54d8e15279e4d5d766 The package @ensdomains/ccip-read-cf-worker was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
MAL-2025-190724 Malicious code in @ensdomains/ccip-read-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f7c2d429d8a938e077f0a3c6d29aa4d7880c8ceabd54c6d63411a6db8b08bef The package @ensdomains/ccip-read-router was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198746
Malicious code in @ensdomains/ccip-read-router (npm)...
EUVD-2025-198796
Malicious code in @ensdomains/ccip-read-dns-gateway (npm)...
Malicious code in @ensdomains/ccip-read-dns-gateway (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ddc155befe014da7ce46a7c122655187ecfb495a9af39726b73de5be9ad4f8c The package @ensdomains/ccip-read-dns-gateway was found to contain malicious code. Source: ghsa-malware...
Malicious code in @ensdomains/ccip-read-worker-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57b104a492d5893772494de67a98f0114e695a8d24e0444d12d0963029fc4b32 The package @ensdomains/ccip-read-worker-viem was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198799
Malicious code in @ensdomains/ccip-read-worker-viem (npm)...
MAL-2025-190725 Malicious code in @ensdomains/ccip-read-worker-viem (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57b104a492d5893772494de67a98f0114e695a8d24e0444d12d0963029fc4b32 The package @ensdomains/ccip-read-worker-viem was found to contain malicious code. Source: ghsa-malware...