7 matches found
Motoko 安全漏洞
Motoko is a secure, simple, participant-based programming language open-sourced by DFINITY for building Internet Computer ICP jar smart contracts. Motoko has a security vulnerability that stems from the incremental garbage collector containing an uninitialized memory access error...
UN and DFINITY Partner on MSME Blockchain Project for Secure Funding
United Nations Development Programme UNDP Partners with the DFINITY Foundation to Enhance Financial Inclusion of MSMEs!...
GHSA-84C3-J8R2-MCM8 @nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution Usin...
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Problem User sessions in the @nfid/embed SDK with Ed25519 keys are vulnerable due to a compromised private key 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. This exposes users to potential loss of funds on ledgers and unauthorized access to canisters they control. Solution Usin...
@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +10 more potentially affected by CVE-2024-1631 via @dfinity/auth-client (>=0.20.2 <=0.9.3)
@dfinity/auth-client NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.0.1, =0.0.1, =0.0.3, =0.0.2, =0.0.38-next-2023-12-19, =0.0.1, =0.0.7 Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...
@bundly/ic-core-js (>=0.1.0 <=0.4.2-rc.4), @bundly/ic-react (>=0.1.0 <=0.4.2-rc.4) +29 more potentially affected by CVE-2024-1631 via @dfinity/identity (>=0.20.2 <=0.9.3)
@dfinity/identity NPM version =0.20.2, =0.1.0, =0.1.0, =0.1.1, =0.0.2, =0.8.5, =0.8.0, =0.8.4, =0.1.8, =0.1.11, =1.0.0-alpha.0, =1.7.0, =0.0.1, =0.0.1, =0.0.4, =0.0.5-fix6 and more Source cves: CVE-2024-1631 Source advisory: OSV:GHSA-C9VV-FHGV-CJC3...
PT-2024-18179
Name of the Vulnerable Software and Affected Versions @dfinity/identity versions prior to 1.0.1 Description The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret...