2 matches found
_executeTokenTransfer() can silently fail for malicious ERC721 implementations.
Lines of code Vulnerability details Impact execute calls executeTokenTransfer to perform the NFT transfer from seller to buyer. The function assumes correct safeTransferFrom functionality and does not check balances. In case of malicious - or poorly designed pausable ERC721 implementations, this...
GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...