util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive.
9.8 CVSS
9.6 AI Score
0.005 EPSS
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.
5.3 CVSS
5.2 AI Score
0.001 EPSS
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
7.5 CVSS
7.5 AI Score
0.001 EPSS
7.5 CVSS
7.5 AI Score
0.002 EPSS