Malicious code in web3-utils-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5f9a8e5a9dede9c1427e0e8d5c0d8db66d3edbf33e75da9e7cd205b31a1ce3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2024-0786

Malicious code in bioql PyPI...

Malicious code in rose-web3-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86e7bba39177d14d11698b3ccaeca36599df068894146efc99d0ded173449d9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in vojislav-web3-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec0615ccf6220b2f71802d071574e6dd419eb49061805b9c05aee84eacc51df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3774 Malicious code in vojislav-web3-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ec0615ccf6220b2f71802d071574e6dd419eb49061805b9c05aee84eacc51df7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sasha-web3-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 711d644ee70ae236cbeb74d5b102ac46509d387f35a091ac6c791d10ba0fda60 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in sol-web3-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1af6c83b64b9da58a5d027de1d8039b58b1be78be7f8a3f9df554d15d8c15cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

Prototype Pollution

web3-utils is vulnerable to Prototype Pollution. The vulnerability is due to insecure recursive merge via the utility functions format and mergeDeep, allowing an attacker to manipulate an object's prototype by passing specially crafted input to these functions...

GHSA-2G4C-8FPM-C46V web3-utils Prototype Pollution vulnerability

Impact: The mergeDeep function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing careful...

web3-utils Prototype Pollution vulnerability

Impact: The mergeDeep function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing careful...

GHSA-87QP-7CW8-8Q9C Duplicate Advisory: web3-utils Prototype Pollution vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2g4c-8fpm-c46v. This link is maintained to preserve external references. Original Description Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions forma...

Duplicate Advisory: web3-utils Prototype Pollution vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2g4c-8fpm-c46v. This link is maintained to preserve external references. Original Description Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions forma...

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

CVE-2024-21505

Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...

CVE-2024-21505

CVE-2024-21505 affects the web3-utils package: versions prior to 4.2.1 are vulnerable to a Prototype Pollution issue in the recursive merge via the helper functions format and mergeDeep . An attacker can alter an object’s prototype, potentially changing behavior of all objects inheriting from it....

@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +20 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.0-alpha.1 <=4.2.1-dev.9d65c38.0)

web3-utils NPM version =4.0.0-alpha.1, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...