Vulnerabilities |
3 via 6 paths |
|---|---|
Dependencies |
57 |
Source |
GitHub |
Find, fix and prevent vulnerabilities in your code.
medium severity
- Vulnerable module: bn.js
- Introduced through: near-api-js@0.44.2
Detailed paths
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › near-api-js@0.44.2 › bn.js@5.2.0Remediation: Upgrade to near-api-js@4.0.0.
Overview
Affected versions of this package are vulnerable to Infinite loop. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
PoC
const BN = require('bn.js'); // any version up to 5.2.2
const x = new BN('1', 10).maskn(0);
// Internal state is now corrupted:
console.log('x.words.length =', x.words.length); // 1
console.log('x.length =', x.length); // 0 (INVALID - should be >= 1)
console.log('x.isZero() =', x.isZero()); // false (WRONG - should be true)
// This will hang forever:
// console.log(x.toString());
Remediation
Upgrade bn.js to version 4.12.3, 5.2.3 or higher.
References
medium severity
new
- Vulnerable module: ws
- Introduced through: @ethersproject/providers@5.8.0
Detailed paths
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › @ethersproject/providers@5.8.0 › ws@8.18.0
Overview
ws is a simple to use websocket client, server and console for node.js.
Affected versions of this package are vulnerable to Use of Uninitialized Resource in the websocket.close() implementation in the Sender class, which exposes uninitialized memory when a TypedArray is provided as the reason argument.
Note: The project maintainers note that this "flaw is only exploitable through misuse that is unlikely in practice".
PoC
import { deepStrictEqual } from 'node:assert';
import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer(
{ port: 0, skipUTF8Validation: true },
function () {
const { port } = wss.address();
const ws = new WebSocket(`ws://localhost:${port}`, {
skipUTF8Validation: true
});
ws.on('close', function (code, reason) {
deepStrictEqual(reason, Buffer.alloc(80));
});
}
);
wss.on('connection', function (ws) {
ws.close(1000, new Float32Array(20));
});
Remediation
Upgrade ws to version 8.20.1 or higher.
References
medium severity
- Vulnerable module: elliptic
- Introduced through: @ethersproject/providers@5.8.0
Detailed paths
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › @ethersproject/providers@5.8.0 › @ethersproject/transactions@5.8.0 › @ethersproject/signing-key@5.8.0 › elliptic@6.6.1
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › @ethersproject/providers@5.8.0 › @ethersproject/abstract-provider@5.8.0 › @ethersproject/transactions@5.8.0 › @ethersproject/signing-key@5.8.0 › elliptic@6.6.1
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › @ethersproject/providers@5.8.0 › @ethersproject/abstract-signer@5.8.0 › @ethersproject/abstract-provider@5.8.0 › @ethersproject/transactions@5.8.0 › @ethersproject/signing-key@5.8.0 › elliptic@6.6.1
-
Introduced through: near-rpc-providers@blockcoders/near-rpc-providers › @ethersproject/providers@5.8.0 › @ethersproject/hash@5.8.0 › @ethersproject/abstract-signer@5.8.0 › @ethersproject/abstract-provider@5.8.0 › @ethersproject/transactions@5.8.0 › @ethersproject/signing-key@5.8.0 › elliptic@6.6.1
Overview
elliptic is a fast elliptic-curve cryptography implementation in plain javascript.
Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation due to the incorrect computation of the byte-length of k value with leading zeros resulting in its truncation. An attacker can obtain the secret key by analyzing both a faulty signature generated by a vulnerable implementation and a correct signature for the same inputs.
Note:
There is a distinct but related issue CVE-2024-48948.
Remediation
There is no fixed version for elliptic.