eth_abi-2.2.0-py3-none-any.whl: 1 vulnerability (highest severity is: 4.3)
mend-for-github-com opened this issue
Vulnerable Library - eth_abi-2.2.0-py3-none-any.whl
eth_abi: Python utilities for working with Ethereum ABI definitions, especially encoding and decoding
Library home page: https://files.pythonhosted.org/packages/3f/72/3cf3398c1c9c0f5fadacfdb2fb2a6e728c37f823af86eded2e3f0f9ddfcc/eth_abi-2.2.0-py3-none-any.whl
Found in HEAD commit: 721c85d8c1c7916ebe7351559bf0e1dc82e35aea
Vulnerabilities
CVE | Severity | CVSS | Dependency | Type | Fixed in (eth_abi version) | Remediation Possible** |
---|---|---|---|---|---|---|
WS-2023-0428 | Medium | 4.3 | eth_abi-2.2.0-py3-none-any.whl | Direct | 4.2.0 | ❌ |
** In some cases a remediation PR cannot be created automatically even though a fixed version is available; the upgrade must then be applied manually.
Details
WS-2023-0428
Vulnerable Library - eth_abi-2.2.0-py3-none-any.whl
eth_abi: Python utilities for working with Ethereum ABI definitions, especially encoding and decoding
Library home page: https://files.pythonhosted.org/packages/3f/72/3cf3398c1c9c0f5fadacfdb2fb2a6e728c37f823af86eded2e3f0f9ddfcc/eth_abi-2.2.0-py3-none-any.whl
Dependency Hierarchy:
- ❌ eth_abi-2.2.0-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 721c85d8c1c7916ebe7351559bf0e1dc82e35aea
Found in base branch: master
Vulnerability Details
The Ethereum ABI decoder in eth_abi prior to 4.2.0 is vulnerable to denial of service (DoS) when parsing zero-sized types (ZST), i.e. ABI types that encode to zero bytes, such as the empty tuple `()`.
Publish Date: 2023-11-23
URL: WS-2023-0428
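Added illustration, not eth_abi's code and not taken from the advisory: a minimal decoder for a top-level ABI dynamic array of static element types, showing why a zero-sized element type defeats the usual "enough bytes remain" check. The reading of the advisory it encodes is an assumption: the empty tuple `()` encodes to zero bytes, so `length * element_size` is zero for any claimed length, and a constructed 64-byte payload can drive the decoder through 2**40 iterations and allocations. The hardened variant refuses zero-sized element types before decoding; that is the fix strategy assumed here, and how eth_abi 4.2.0 actually resolves the issue is not stated on this page. All type strings, helper names and payloads below are constructed for the example.

```python
# Constructed example of the zero-sized-type (ZST) decoder DoS class; NOT eth_abi's code.
# Minimal ABI decoding of a top-level dynamic array whose elements are static types.
from typing import Any, List, Tuple

WORD = 32  # every ABI head slot and static scalar occupies 32 bytes


class ZeroSizedTypeError(ValueError):
    """Raised by the hardened decoder for element types that encode to zero bytes."""


def split_top_level(s: str) -> List[str]:
    """Split 'a,(b,c),d' on commas that are not nested inside parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in s:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        parts.append(cur)
    return parts


def static_size(abi_type: str) -> int:
    """Encoded size of a static type: scalars take one word, tuples sum their
    components, and the empty tuple '()' takes zero bytes (the ZST case)."""
    if abi_type.startswith("(") and abi_type.endswith(")"):
        inner = abi_type[1:-1]
        return sum(static_size(t) for t in split_top_level(inner)) if inner else 0
    if abi_type.startswith(("uint", "int", "bool", "address")):
        return WORD
    raise ValueError(f"unsupported static type {abi_type!r}")  # dynamic types are out of scope here


def decode_static(abi_type: str, data: bytes, pos: int) -> Tuple[Any, int]:
    """Decode one static value at `pos`; returns (value, new position)."""
    if abi_type.startswith("("):
        inner = abi_type[1:-1]
        values = []
        for t in (split_top_level(inner) if inner else []):
            v, pos = decode_static(t, data, pos)
            values.append(v)
        return tuple(values), pos
    if pos + WORD > len(data):
        raise ValueError("insufficient data for scalar")
    return int.from_bytes(data[pos:pos + WORD], "big"), pos + WORD


def encode_array(claimed_length: int, elements: bytes = b"") -> bytes:
    """Top-level dynamic array: head word = offset to tail; tail = length word + elements.
    An array of '()' has zero bytes of elements, so the payload is 64 bytes for ANY length."""
    return WORD.to_bytes(WORD, "big") + claimed_length.to_bytes(WORD, "big") + elements


def admitted_length(payload: bytes, element_type: str) -> int:
    """The usual sanity check: trust the length word if length * element_size bytes remain.
    With element_size == 0 the product is 0, so every length up to 2**256 - 1 is admitted."""
    offset = int.from_bytes(payload[:WORD], "big")
    length = int.from_bytes(payload[offset:offset + WORD], "big")
    remaining = len(payload) - (offset + WORD)
    if remaining < 0 or length * static_size(element_type) > remaining:
        raise ValueError("insufficient data for array")
    return length


def naive_decode_array(payload: bytes, element_type: str) -> List[Any]:
    """Vulnerable pattern: loops `length` times, unbounded by payload size for a ZST."""
    length = admitted_length(payload, element_type)
    pos = int.from_bytes(payload[:WORD], "big") + WORD
    out = []
    for _ in range(length):  # with element_type '()' this is `length` allocations from 64 bytes
        value, pos = decode_static(element_type, payload, pos)
        out.append(value)
    return out


def hardened_decode_array(payload: bytes, element_type: str) -> List[Any]:
    """Hardened pattern (assumed fix strategy): refuse zero-sized element types up front.
    Once element_size > 0, the byte check in admitted_length bounds length by len(payload)."""
    if static_size(element_type) == 0:
        raise ZeroSizedTypeError(f"refusing array of zero-sized element type {element_type!r}")
    return naive_decode_array(payload, element_type)


if __name__ == "__main__":
    hostile = encode_array(2**40)  # constructed: 64 bytes claiming 2**40 empty tuples
    print(len(hostile), admitted_length(hostile, "()"))  # the naive check admits all 2**40
    try:
        hardened_decode_array(hostile, "()")
    except ZeroSizedTypeError as exc:
        print("hardened:", exc)
```

The naive path is never run against the hostile payload here; `admitted_length` alone shows that the 64-byte input passes the size check with a claimed length of 2**40, which is the whole problem. Nested ZSTs such as `((),())` are also size zero and are caught by the same check, while `(uint256,())` is 32 bytes per element and decodes normally. For the real library the remediation is the upgrade: `pip install "eth-abi>=4.2.0"` (the PyPI distribution is named `eth-abi`), then confirm with `pip show eth-abi`.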
CVSS 3 Score Details (4.3)
Vector (from the metrics below): AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: GHSA-rqr8-pxh7-cq3g
Release Date: 2023-11-23
Fix Resolution: 4.2.0