web3.py 代码问题漏洞

web3.py is an open-source Python library developed by ethereum for interacting with the Ethereum blockchain. There were code-related vulnerabilities in versions of web3.py from 6.0.0b3 to 7.15.0, as well as in version 8.0.0b2. These vulnerabilities stemmed from a lack of target validation when...

Server-side Request Forgery (SSRF)

Overview web3 is a web3: A Python library for interacting with Ethereum Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CCIP Read process. An attacker can cause the application to make arbitrary HTTP requests to internal or external destinations by...

0lever-utils (>=0.0.2 <=0.0.7), 0x-web3 (=5.0.0a5) +6207 more potentially affected by CVE-2026-34073 via cryptography (>=0.6.1 <=46.0.5)

cryptography PYPI version =0.6.1, =0.0.2, =2.3.84, =0.1.0, =2.3.0, =0.1.0, =0.5.0rc5, =0.9.2, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.1.9 and more Source cves: CVE-2026-34073 Source advisory: OSV:GHSA-M959-CC7F-WV43...

Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms

Handle nascent Vulnerability details Ethereum Oracles watch for events on the Gravity.sol contract on the Ethereum blockchain. This is performed in the checkforevents function, ran in the ethoraclemainloop. In this function, there is the following code snippet: let erc20deployed = web3...