4877 matches found

Prion
added 2023/04/17 10:15 p.m. · 18 views

Design/Logic Flaw

@web3-react is a framework for building Ethereum Apps. In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVSS 3.5 · AI score 5.5 · EPSS 0.00151
Exploits 0 · References 2 · Affected Software 4
Vulnrichment
added 2023/04/17 9:2 p.m. · 5 views

CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react

@web3-react is a framework for building Ethereum Apps. In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVSS 5.2 · AI score 5.5 · EPSS 0.00151
Exploits 0 · References 2
OSV
added 2023/04/17 9:2 p.m. · 12 views

CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react

@web3-react is a framework for building Ethereum Apps. In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVSS 5.2 · AI score 5.4 · EPSS 0.00151
Exploits 0 · References 4
CVE
added 2023/04/17 9:2 p.m. · 53 views

CVE-2023-30543

Concrete details: The CVE-2023-30543 entry concerns @web3-react, where chainId can become outdated during a user’s chain-switch in the connection flow. The root cause is that useWeb3React() may return an incorrect chainId, causing dependent data (e.g., wrapped token addresses) to be computed ...

CVSS 5.7 · AI score 5.2 · EPSS 0.00151
Exploits 0 · References 2 · Affected Software 4
Positive Technologies
added 2023/04/17 12:0 a.m. · 3 views

PT-2023-22770 · Npm · @Web3-React/Eip1193 +4

Name of the Vulnerable Software and Affected Versions: @web3-react versions prior to the updated npm artifacts. Description: The chainId may be outdated if the user changes chains as part of the connection flow, causing the value of chainId returned by useWeb3React to be incorrect. This can lead t...

CVSS 5.7 · AI score 5.4 · EPSS 0.00151
Exploits 0 · References 8
CNNVD
added 2023/04/17 12:0 a.m. · 1 views

web3-react race condition vulnerability

web3-react is a simple, maximally scalable, dependency-minimizing framework for building modern Ethereum dApps. web3-react suffers from a race condition vulnerability that stems from the fact that any data derived from a chainId may be incorrect if a user changes the chain during the...

CVSS 5.7 · AI score 5.7 · EPSS 0.00151
Exploits 0 · References 3
Snyk
added 2023/04/04 8:19 a.m. · 1 views

Malicious Package

Overview: eos-react-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
Snyk
added 2023/04/04 8:19 a.m. · 1 views

Malicious Package

Overview: prism-subapps-react-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
Snyk
added 2023/04/04 8:19 a.m. · 1 views

Malicious Package

Overview: react-sports is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
Veracode
added 2023/04/04 3:46 a.m. · 20 views

Prototype Pollution

matrix-react-sdk is vulnerable to Prototype Pollution. The vulnerability exists because, in certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype which may lead to an application crash...

CVSS 8.2 · AI score 7.8 · EPSS 0.00762
Exploits 0 · References 3 · Affected Software 2
OSSF Malicious Packages
added 2023/03/31 2:16 a.m. · 2 views

Malicious code in react-sports (npm)

Source: ghsa-malware 3a36f3d3c020e8060abbc0f642934bed99c8594f79b7306030d885b0bd3a838d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2023/03/31 2:16 a.m. · 3 views

MAL-2023-735 Malicious code in react-sports (npm)

Source: ghsa-malware 3a36f3d3c020e8060abbc0f642934bed99c8594f79b7306030d885b0bd3a838d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
OSSF Malicious Packages
added 2023/03/31 2:16 a.m. · 2 views

Malicious code in react-sports-utils (npm)

Source: ghsa-malware f4dc4fa4bf228c9c09ee80e076570ba795f4bbf16efab3df7655ef3c27fa9993. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2023/03/31 2:16 a.m. · 6 views

MAL-2023-736 Malicious code in react-sports-utils (npm)

Source: ghsa-malware f4dc4fa4bf228c9c09ee80e076570ba795f4bbf16efab3df7655ef3c27fa9993. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 1
vulnersOsv
added 2023/03/29 7:34 p.m. · 1 views

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2023-28103 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2023-28103 Source advisory: OSV:GHSA-6G43-88CP-W5GV...

CVSS 8.2 · AI score 7.2 · EPSS 0.00762
Exploits 0
Github Security Blog
added 2023/03/29 7:34 p.m. · 32 views

Prototype pollution in matrix-react-sdk

Impact: In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is part 2, where...

CVSS 8.2 · AI score 5.6 · EPSS 0.00762
Exploits 0 · References 5 · Affected Software 1
NVD
added 2023/03/28 9:15 p.m. · 14 views

CVE-2023-28103

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVSS 8.2 · AI score 7.9 · EPSS 0.00762
Exploits 0 · References 2
NVD
added 2023/03/28 9:15 p.m. · 16 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVSS 8.2 · AI score 8.1 · EPSS 0.00212
Exploits 0 · References 1
Prion
added 2023/03/28 9:15 p.m. · 12 views

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVSS 5 · AI score 5.5 · EPSS 0.00212
Exploits 0 · References 1 · Affected Software 1
Prion
added 2023/03/28 9:15 p.m. · 22 views

Design/Logic Flaw

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the Object.prototype, disrupting matrix-react-sdk functionality, causing denial of service and...

CVSS 6.4 · AI score 7.7 · EPSS 0.00762
Exploits 0 · References 2 · Affected Software 1