@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +40 more potentially affected by CVE-2023-30543 via @web3-react/walletconnect (>=8.0.23-beta.0 <=8.0.36-beta.0)

@web3-react/walletconnect NPM version =8.0.23-beta.0, =0.1.36, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 and more Source cves: CVE-2023-30543 Source advisory:...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @bosonprotocol/react-kit (>=0.1.0-alpha.0 <=0.1.0-alpha.2) +43 more potentially affected by CVE-2023-30543 via @web3-react/metamask (>=8.0.14-beta.0 <=8.0.28-beta.0)

@web3-react/metamask NPM version =8.0.14-beta.0, =0.1.36, =0.1.0-alpha.0, =0.0.46, =0.0.70, =1.0.0, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...

ChainSafe js-libp2p-noise 资源管理错误漏洞

ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. A resource management error vulnerability exists in ChainSafe js-libp2p versions prior to 0.38.0, which stems from vulnerability to targeted resource exhaustion attacks th...

Denial Of Service (DoS)

@chainsafe/lodestar is vulnerable to denial of service. The vulnerability exists because the library uses the uint64 values as native javascript numbers, allowing an attacker to crash the application by providing large uint64 values greater than 2^53 through the maliciously-crafted AttesterSlashi...

@chainsafe/lodestar-cli (>=0.12.0 <=0.28.2-dev.18) potentially affected by CVE-2022-29219 via @chainsafe/lodestar (>=0.12.0 <=0.28.2-dev.18)

@chainsafe/lodestar NPM version =0.12.0, =0.12.0, =0.28.2-dev.18 Source cves: CVE-2022-29219 Source advisory: OSV:GHSA-CVJ7-5F3C-9VG9...

Code injection

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

CVE-2022-24759

In CVE-2022-24759, the @chainsafe/libp2p-noise TypeScript implementation fails to validate signatures during the handshake, enabling a potential man-in-the-middle impersonation of peers and subsequent banning. Affected versions are before 4.1.2 and 5.0.3. The documented remediation is to upgrade ...

CVE-2022-24759 Failure to validate signature during handshake in @chainsafe/libp2p-noise

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

CVE-2022-24759 Failure to validate signature during handshake in @chainsafe/libp2p-noise

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

ChainSafe js-libp2p-noise 数据伪造问题漏洞

ChainSafe js-libp2p-noise is an open source implementation of TypeScript containing the noise protocol from ChainSafe Canada. ChainSafe js-libp2p-noise is vulnerable to a data forgery issue that allows a man-in-the-middle to impersonate other peers and disable those peers...