8 matches found
Improper Input Validation
mppx is vulnerable to improper input validation. The vulnerability is due to improper validation in the cooperative close handler, where the close voucher amount was checked using “” instead of “=” against the on-chain settled amount, which allows an attacker to submit a close voucher equal to th...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
Replay Attack
Overview mppx is a /picture Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly...
GHSA-MV9J-8JVG-J8MR mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...