Github Security Blog
added 2025/03/12 7:29 p.m.

IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validator...

AI score: 7.1
Exploits: 0 · References: 4 · Affected Software: 8
OSSF Malicious Packages
added 2025/03/03 1:12 p.m.

Malicious code in @aoflmkt/form-validators (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0
Github Security Blog
added 2025/02/28 5:46 p.m.

IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

AI score: 7
Exploits: 0 · References: 4 · Affected Software: 8
Github Security Blog
added 2025/02/03 4:48 p.m.

CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts

Name: ASA-2025-002: Malicious peer can stall network by disseminating seemingly valid block parts Component: CometBFT Criticality: High Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: = v0.38.16, v1.0.0 Affected users: Validators, Full nodes, Users Description A bug was...

AI score: 6.8
Exploits: 0 · References: 5 · Affected Software: 1
Github Security Blog
added 2025/02/03 3:55 p.m.

CometBFT allows a malicious peer to make node stuck in blocksync

Name: ASA-2025-001: Malicious peer can disrupt node's ability to sync via blocksync Component: CometBFT OUTDATED Criticality: Medium Considerable Impact; Possible Likelihood per ACMv1.2 Update of Criticality on 2026-03-06: We've made a mistake and over-rated the criticality of this bug in our...

CVSS: 7.1 · AI score: 7 · EPSS: 0.00143
Exploits: 0 · References: 8 · Affected Software: 1
OSSF Malicious Packages
added 2025/01/20 7:26 a.m.

Malicious code in nimiq-validators-trustscore (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 439234df75ca95b0a55dd5adb5b75241f16bd7d342b1e80ad5c96a53bbced90d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 · References: 3
GitLab Advisory Database
added 2024/11/20 12:00 a.m.

ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions = math/v1.3.0 Affected users: Chain Builders +...

AI score: 7
Exploits: 0 · References: 5 · Affected Software: 1
OSSF Malicious Packages
added 2024/10/17 2:01 p.m.

Malicious code in nimiq-validators-score (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b43acb2afa91f23243dfba4c5067ee0cc8746f3f211a900383bf47bec6a946 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0 · References: 1
OSV
added 2024/08/21 6:27 p.m.

GHSA-G9PH-J5VJ-F8WM Potential access to sensitive URLs via CKAN extensions (SSRF)

Impact There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents e.g. pushing to the DataStore, streaming contents or saving a local...

CVSS: 6.8 · AI score: 5.5 · EPSS: 0.00317
Exploits: 0 · References: 5
Github Security Blog
added 2024/08/21 6:27 p.m.

Potential access to sensitive URLs via CKAN extensions (SSRF)

Impact There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents e.g. pushing to the DataStore, streaming contents or saving a local...

CVSS: 6.5 · AI score: 6.9 · EPSS: 0.00317
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2024/08/21 3:15 p.m.

CVE-2024-43371

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

CVSS: 6.5 · EPSS: 0.00317
Exploits: 0 · References: 1
Cvelist
added 2024/08/21 2:47 p.m.

CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

CVSS: 4.5 · EPSS: 0.00317
Exploits: 0 · References: 1
CVE
added 2024/08/21 2:47 p.m.

CVE-2024-43371

CVE-2024-43371 describes a Server Side Request Forgery (SSRF) in CKAN via multiple plugins (XLoader, DataPusher, Resource proxy, ckanext-archiver) that fetch remote resources without validating the target URL. The underlying issue is that these plugins use the resource URL without restricting des...

CVSS: 6.5 · AI score: 4.8 · EPSS: 0.00317
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/08/21 2:47 p.m.

CVE-2024-43371 Potential access to sensitive URLs via CKAN extensions (SSRF)

CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their...

CVSS: 4.5 · AI score: 6.9 · EPSS: 0.00317
Exploits: 0 · References: 1
Positive Technologies
added 2024/08/21 12:00 a.m.

PT-2024-30535 · Ckan +3 · Ckan +5

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.5 CKAN versions prior to 2.11.0 Description: CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy,...

CVSS: 6.8 · AI score: 6.8 · EPSS: 0.00317
Exploits: 0 · References: 12
OSV
added 2024/08/20 8:31 p.m.

GO-2023-1865 Vega's validators able to submit duplicate transactions in code.vegaprotocol.io/vega

Vega's validators able to submit duplicate transactions in code.vegaprotocol.io/vega...

CVSS: 6 · AI score: 5.4 · EPSS: 0.00072
Exploits: 1 · References: 4
Snyk
added 2024/07/31 3:28 p.m.

URL Redirection to Untrusted Site ('Open Redirect')

Overview IdentityServer4 is an OpenID Connect and OAuth 2.0 Framework for ASP.NET Core Affected versions of this package are vulnerable to URL Redirection to Untrusted Site 'Open Redirect' through the commonly used GetAuthorizationContextAsync and IsValidReturnUrl methods which return non-null...

CVSS: 5.3 · AI score: 7 · EPSS: 0.00141
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2024/06/25 1:48 p.m.

Malicious code in ama-validators (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0 · References: 1
OSV
added 2024/06/25 1:48 p.m.

MAL-2024-6596 Malicious code in ama-validators (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.

Malicious code in active-model_validators_ex (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7
Exploits: 0 · References: 1