23 matches found
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
GHSA-97R5-PG8X-P63P Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
PT-2026-42857
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth...
Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAuth identity acceptance
Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user. If an attacker can operate an already-authenticated but stale victim session, they can complete OAuth verification using their own OAuth identity...
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
In recent decades, the RAFT distributed consensus algorithm has become a main pillar of the distributed systems ecosystem, ensuring data consistency and fault tolerance across multiple nodes. Although the fact that RAFT is well known for its simplicity, reliability, and efficiency, its security...
Towards a Formal Verification of Secure Vehicle Software Updates
With the rise of software-defined vehicles SDVs, where software governs most vehicle functions alongside enhanced connectivity, the need for secure software updates has become increasingly critical. Software vulnerabilities can severely impact safety, the economy, and society. In response to this...
UBUNTU-CVE-2024-56170
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...
depositAsset() does not check for slippage
Lines of code Vulnerability details Impact Prices are fetched from Chainlink but it is possible that the prices are stale due to to the fact that it is not checking for the freshness of the price or chainlink could be experiencing a crash event where it would return prices between a minimum and...
Chainlink price feed responses are not validated
NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...
Sorting Through Haystacks to Find CTI Needles
Clouded vision CTI systems are confronted with some major issues ranging from the size of the collection networks to their diversity, which ultimately influence the degree of confidence they can put on their signals. Are they fresh enough and sufficiently reliable to avoid any false positives or...
Unchecked return price > 0 oracle
Lines of code Vulnerability details Impact In the function price, there is no check that the return price that chainlink sends is 0. uint80 roundId, int256 p, , uint256 updateTime, uint80 answeredInRound = chainlinkFeed .latestRoundData; if updateTime == 0 || answeredInRound timeout revert...
TradingLibrary#verifyPrice doesn't check if data is fresh which can lead to costly downtime
Lines of code Vulnerability details Impact verifyPrice may check against stale data causing valid transactions to revert Proof of Concept if chainlinkEnabled && chainlinkFeed != address0 int256 assetChainlinkPriceInt = IPricechainlinkFeed.latestAnswer; if assetChainlinkPriceInt != 0 uint256...
[NAZ-M2] Lack of Price Freshness Check In Oracle.sol#latestRoundData() Allows A Stale Price To Be Used
Lines of code Vulnerability details Impact Oracle.sol should use the updatedAt value from the Oracle.sollatestRoundData function to make sure that the latest answer is recent enough to be used. Proof of Concept In the current implementation of Oracle.sollatestRoundData, there is no freshness chec...
Price Feed is not checked for freshness and may report old / incorrect value
Lines of code Vulnerability details Price Feed is not checked for freshness In times of network conjestion, the priceFeed may take longer than expected to update, and the price may take longer than usual to update, in order to ensure the latest price is fresh within update window, you should veri...
FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness
Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...
Oracle prices could be not fresh
Handle 0x1f8b Vulnerability details Impact Unsafe oracle call. Proof of Concept The contract Cvx3CrvOracle doesn't check that the data is fress, it call the method latestRoundData, this method allow you to run some extra validations, but these validations were not made. According to the chain.lin...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The peek function in the contract Cvx3CrvOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on timestamp, resulting in stale prices. The oracle wrapper calls out to a chainlink...
UniswapV3Oracle.sol Does Not Use latestRoundData() Instead of latestAnswer()
Handle leastwood Vulnerability details Impact This issue was submitted in WildCredit's previous audit but has not been fixed, so raising the issue again. latestAnswer is used in UniswapV3Oracle.sol over latestRoundData to get the latest price data for WETH. There are no checks to ensure the data...
Insufficient validation of rate value
Handle JMukesh Vulnerability details Impact it lack the checking of the value that it is fresh or not, if data is not fresh it can affect exchange rate. these following condition should be met to ensure that data is fresh requireupdateTime != 0, "Incomplete round"; requireansweredInRound = roundI...
UniswapV3Oracle: Check for stale ETH prices
Handle greiart Vulnerability details Impact Freshness of the returned ETH price should be checked, since it affects an account's health and therefore liquidations. The latestAnswer function is deprecated see comment on EACAggregatorProxy, and the use latestRoundData is recommended instead...