CVE-2024-54134

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

Malicious code in solana-web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae0ba85746959ae8f7ae3dc7a934de9e4cb299669dbb270322fa2d8871fd8326 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-54134 @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material

A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots,...

solana/web3.js 信息泄露漏洞

solana/web3.js is a JavaScript library from Solana Labs. An information disclosure vulnerability exists in solana/web3.js versions 1.95.6 and 1.95.7, which stems from a vulnerability that allows an attacker to distribute unauthorized malicious packages that have been modified to steal private key...

Malicious code in @solana/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 507e136eb7d13bd9c88a5e20d692768a759c2ae382d1ab54ba66c196b560cacb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11183 Malicious code in @solana/web3.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 507e136eb7d13bd9c88a5e20d692768a759c2ae382d1ab54ba66c196b560cacb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-9247 · Solana · @Solana/Web3.Js

Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions 1.95.6 through 1.95.7 Description: A publish-access account was compromised for @solana/web3.js, a JavaScript library commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious...

@convexitydmcc/wallet-adapter-walletconnect (>=2.0.0-beta.26 <=2.0.0-rc.5), @renec-foundation/gasless-sdk (>=0.2.3 <=0.2.6) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.48.0)

@solana/web3.js NPM version =1.48.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @convexitydmcc/wallet-adapter-walletconnect =2.0.0-beta.26, =0.2.3, =3.0.0, =6.3.0-profits-mercurial-rc8 Source cves:...

@brave/wallet-standard-brave (>=0.0.8 <=0.0.12), @oraichain/owallet-wallet-standard (>=0.1.0 <=0.1.1) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.58.0)

@solana/web3.js NPM version =1.58.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @brave/wallet-standard-brave =0.0.8, =0.1.0, =0.1.6, =0.1.10 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@arb-protocol/core (>=2.0.0-alpha.1 <=2.0.0-alpha.5), @arb-protocol/jupiter-adapter (>=2.0.0-alpha.5 <=2.0.0-alpha.6) +80 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.31.0)

@solana/web3.js NPM version =1.31.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @arb-protocol/core =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =2.20.0, =1.0.1, =0.0.1, =0.0.1, =1.0.0, =0.2.0, =0.2.0, =0.0....

@arb-protocol/core (>=2.0.0-alpha.1 <=2.0.0-alpha.6), @arb-protocol/jupiter-adapter (>=2.0.0-alpha.5 <=2.0.0-alpha.6) +18 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.69.0)

@solana/web3.js NPM version =1.69.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @arb-protocol/core =2.0.0-alpha.1, =2.0.0-alpha.5, =2.0.0-alpha.1, =0.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.8, =1.0.63, =1.0....

@debridge-finance/solana-contracts-client (>=0.1.0 <=1.0.0), @debridge-finance/solana-utils (=1.0.2) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.62.0)

@solana/web3.js NPM version =1.62.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @debridge-finance/solana-contracts-client =0.1.0, =1.0.0 - @debridge-finance/solana-utils =1.0.2 Source cves: CVE-2024-30253 Sour...

@civic/multichain-connect-react-solana-wallet-adapter (>=0.0.0-alpha.1 <=0.0.3-beta.11), @debridge-finance/dln-client (>=5.1.0 <=8.2.2) +6 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.76.0)

@solana/web3.js NPM version =1.76.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @civic/multichain-connect-react-solana-wallet-adapter =0.0.0-alpha.1, =5.1.0, =2.11.0, =1.0.0, =0.1.1-alpha.8, =0.3.2-alpha.2,...

@beeman/my-anchor-app-anchor (=0.0.1), @epplex-xyz/sdk (>=0.1.42 <=0.3.0) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.90.0)

@solana/web3.js NPM version =1.90.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @beeman/my-anchor-app-anchor =0.0.1 - @epplex-xyz/sdk =0.1.42, =0.0.1, =0.1.2 Source cves: CVE-2024-30253 Source advisory:...

soltokenbalance (>=1.0.0 <=1.0.1) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.20.0)

@solana/web3.js NPM version =1.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - soltokenbalance =1.0.0, =1.0.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@strata-foundation/governance-cli (>=3.11.0 <=3.11.2) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.22.0)

@solana/web3.js NPM version =1.22.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @strata-foundation/governance-cli =3.11.0, =3.11.2 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@aloe2/account-lib (=2.20.20228282226), @aloe2/bitgo (=14.2.20228282226) +11 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.56.0 <=1.56.2)

@solana/web3.js NPM version =1.56.0, =2.20.0, =14.2.0, =1.0.1, =2.0.0, =8.0.1, =3.0.0, =3.1.2-beta.0, =2.2.33, =2.0.1-alpha.412, =7.0.0, =8.0.2 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@3s-wallet-core/provider (>=0.0.2 <=0.0.3), @3s-wallet-core/wallet (=0.0.4) +17 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.87.2 <=1.87.6)

@solana/web3.js NPM version =1.87.2, =0.0.2, =0.0.6, =0.1.9, =2.0.3, =0.0.1-alpha.1, =0.0.2, =2.0.0, =0.1.3-rc.1, =3.0.4, =0.2.2, =1.11.3-nobnb, =1.0.0, =1.1.0 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@axyzsdk/js (=0.0.0), @axyzsdk/react (=0.0.0) +4 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.35.0 <=1.35.1)

@solana/web3.js NPM version =1.35.0, =3.0.7, =1.0.0, =0.0.1-rc.1, =0.0.1-rc.3, =0.0.2-rc.3 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

@iwcapital/cli (>=0.3.0 <=0.3.2), @iwcapital/core (>=0.3.0 <=0.3.3) +19 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.77.2 <=1.77.3)

@solana/web3.js NPM version =1.77.2, =0.3.0, =0.3.0, =0.2.0, =0.2.20, =0.7.0, =0.0.155, =0.8.24, =0.8.19, =0.8.22, =0.8.20, =0.8.33, =0.8.23, =0.8.20, =0.8.53, =0.8.65 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...