CVE-2021-41122

Опубликовано: 05 окт. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

Ссылки

https://github.com/vyperlang/vyper/pull/2447
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46
Exploit
Third Party Advisory
https://github.com/vyperlang/vyper/pull/2447
Third Party Advisory
https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:*:*:*

Версия до 0.3.0 (исключая)

EPSS

Процентиль: 42%

0.00203

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-682

Связанные уязвимости

GHSA-c7pr-343r-5c46