Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for solana-web3.js by solana-labs

    CVE-2024-54134 (GCVE-0-2024-54134)

    Vulnerability from nvd – Published: 2024-12-04 15:20 – Updated: 2024-12-04 21:40
    VLAI
    Title
    @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material
    Summary
    A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    solana-labs solana-web3.js Affected: >= 1.95.6, < 1.95.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T19:13:52.817690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T21:40:13.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "solana-web3.js",
              "vendor": "solana-labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.95.6, \u003c 1.95.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T15:20:54.084Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-jcxm-7wvp-g6p5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-jcxm-7wvp-g6p5"
            }
          ],
          "source": {
            "advisory": "GHSA-jcxm-7wvp-g6p5",
            "discovery": "UNKNOWN"
          },
          "title": "@solana/web3.js modified package published to npm, containing malware that exfiltrates private key material"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-54134",
        "datePublished": "2024-12-04T15:20:54.084Z",
        "dateReserved": "2024-11-29T18:02:16.754Z",
        "dateUpdated": "2024-12-04T21:40:13.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30253 (GCVE-0-2024-30253)

    Vulnerability from nvd – Published: 2024-04-17 15:07 – Updated: 2024-08-21 15:05
    VLAI
    Title
    Handling untrusted input can result in a crash, leading to loss of availability / denial of service
    Summary
    @solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    solana-labs solana-web3.js Affected: >= 1.91.0, < 1.91.3
    Affected: >= 1.90, < 1.90.2
    Affected: >= 1.89, < 1.89.2
    Affected: = 1.88.0
    Affected: >=1.87.0, < 1.87.7
    Affected: = 1.86.0
    Affected: = 1.85.0
    Affected: = 1.84.0
    Affected: = 1.83.0
    Affected: = 1.82.0
    Affected: = 1.81.0
    Affected: = 1.80.0
    Affected: = 1.79.0
    Affected: >= 1.78, < 1.78.8
    Affected: >= 1.77, < 1.77.4
    Affected: = 1.76.0
    Affected: = 1.75.0
    Affected: = 1.74.0
    Affected: >= 1.73.0, < 1.73.5
    Affected: = 1.72.0
    Affected: = 1.71.0
    Affected: >= 1.70.0, < 1.70.4
    Affected: = 1.69.0
    Affected: >= 1.68.0, < 1.68.2
    Affected: >= 1.67.0, < 1.67.3
    Affected: >= 1.66.0, < 1.66.6
    Affected: = 1.65.0
    Affected: = 1.64.0
    Affected: >= 1.63.0, < 1.63.2
    Affected: >= 1.62.0, < 1.62.2
    Affected: >= 1.61.0, < 1.61.2
    Affected: = 1.60.0
    Affected: >= 1.59.0, < 1.59.2
    Affected: = 1.58.0
    Affected: = 1.57.0
    Affected: >= 1.56.0, < 1.56.3
    Affected: = 1.55.0
    Affected: >= 1.54.0, < 1.54.2
    Affected: = 1.53.0
    Affected: = 1.52.0
    Affected: = 1.51.0
    Affected: >= 1.50.0, < 1.50.2
    Affected: = 1.49.0
    Affected: = 1.48.0
    Affected: >= 1.47.0, < 1.47.5
    Affected: = 1.46.0
    Affected: = 1.45.0
    Affected: >= 1.44.0, < 1.44.4
    Affected: >= 1.43.0, < 1.43.7
    Affected: = 1.42.0
    Affected: >= 1.41.0, < 1.41.11
    Affected: >= 1.40.0, < 1.40.2
    Affected: >= 1.39.0, < 1.39.2
    Affected: = 1.38.0
    Affected: >= 1.37.0, < 1.37.3
    Affected: = 1.36.0
    Affected: >= 1.35.0, < 1.35.2
    Affected: = 1.34.0
    Affected: = 1.33.0
    Affected: >= 1.32.0, < 1.32.2
    Affected: = 1.31.0
    Affected: >= 1.30.0, < 1.30.3
    Affected: >= 1.29.0, < 1.29.4
    Affected: = 1.28.0
    Affected: = 1.27.0
    Affected: = 1.26.0
    Affected: = 1.25.0
    Affected: >= 1.24.0, < 1.24.3
    Affected: = 1.23.0
    Affected: = 1.22.0
    Affected: = 1.21.0
    Affected: >= 1.20.0, < 1.20.3
    Affected: = 1.19.0
    Affected: = 1.18.0
    Affected: = 1.17.0
    Affected: >= 1.16.0, < 1.16.2
    Affected: = 1.15.0
    Affected: = 1.14.0
    Affected: = 1.13.0
    Affected: = 1.12.0
    Affected: = 1.11.0
    Affected: >= 1.10.0, < 1.10.2
    Affected: >= 1.9.0, < 1.9.2
    Affected: = 1.8.0
    Affected: >= 1.7.0, < 1.7.2
    Affected: = 1.6.0
    Affected: = 1.5.0
    Affected: = 1.4.0
    Affected: = 1.3.0
    Affected: >= 1.2.0, < 1.2.8
    Affected: >= 1.1.0, < 1.1.2
    Affected: < 1.0.1
    Create a notification for this product.
    solanalabs web3 Affected: 1.91.0 , < 1.91.3 (custom)
    Affected: 1.90 , < 1.90.2 (custom)
    Affected: 1.89 , < 1.89.2 (custom)
    Affected: 1.88.0
    Affected: 1.87.0 , < 1.87.7 (custom)
    Affected: 1.86.0
    Affected: 1.85.0
    Affected: 1.84.0
    Affected: 1.83.0
    Affected: 1.82.0
    Affected: 1.81.0
    Affected: 1.80.0
    Affected: 1.79.0
    Affected: 1.78 , < 1.78.8 (custom)
    Affected: 1.77 , < 1.77.4 (custom)
    Affected: 1.76.0
    Affected: 1.75.0
    Affected: 1.74.0
    Affected: 1.73.0 , < 1.73.5 (custom)
    Affected: 1.72.0
    Affected: 1.71.0
    Affected: 1.70.0 , < 1.70.4 (custom)
    Affected: 1.69.0
    Affected: 1.68.0 , < 1.68.2 (custom)
    Affected: 1.67.0 , < 1.67.3 (custom)
    Affected: 1.66.0 , < 1.66.6 (custom)
    Affected: 1.65.0
    Affected: 1.64.0
    Affected: 1.63.0 , < 1.63.2 (custom)
    Affected: 1.62.0 , < 1.62.2 (custom)
    Affected: 1.61.0 , < 1.61.2 (custom)
    Affected: 1.60.0
    Affected: 1.59.0 , < 1.59.2 (custom)
    Affected: 1.58.0
    Affected: 1.57.0
    Affected: 1.56.0 , < 1.56.3 (custom)
    Affected: 1.55.0
    Affected: 1.54.0 , < 1.54.2 (custom)
    Affected: 1.53.0
    Affected: 1.52.0
    Affected: 1.51.0
    Affected: 1.50.0 , < 1.50.2 (custom)
    Affected: 1.49.0
    Affected: 1.48.0
    Affected: 1.47.0 , < 1.47.5 (custom)
    Affected: 1.46.0
    Affected: 1.45.0
    Affected: 1.44.0 , < 1.44.4 (custom)
    Affected: 1.43.0 , < 1.43.7 (custom)
    Affected: 1.42.0
    Affected: 1.41.0 , < 1.41.11 (custom)
    Affected: 1.40.0 , < 1.40.2 (custom)
    Affected: 1.39.0 , < 1.39.2 (custom)
    Affected: 1.38.0
    Affected: 1.37.0 , < 1.37.3 (custom)
    Affected: 1.36.0
    Affected: 1.35.0 , < 1.35.2 (custom)
    Affected: 1.34.0
    Affected: 1.33.0
    Affected: 1.32.0 , < 1.32.2 (custom)
    Affected: 1.31.0
    Affected: 1.30.0 , < 1.30.3 (custom)
    Affected: 1.29.0 , < 1.29.4 (custom)
    Affected: 1.28.0
    Affected: 1.27.0
    Affected: 1.26.0
    Affected: 1.25.0
    Affected: 1.24.0 , < 1.24.3 (custom)
    Affected: 1.23.0
    Affected: 1.22.0
    Affected: 1.21.0
    Affected: 1.20.0 , < 1.20.3 (custom)
    Affected: 1.19.0
    Affected: 1.18.0
    Affected: 1.17.0
    Affected: 1.16.0 , < 1.16.2 (custom)
    Affected: 1.15.0
    Affected: 1.14.0
    Affected: 1.13.0
    Affected: 1.12.0
    Affected: 1.11.0
    Affected: 1.10.0 , < 1.10.2 (custom)
    Affected: 1.9.0 , < 1.9.2 (custom)
    Affected: 1.8.0
    Affected: 1.7.0 , < 1.7.2 (custom)
    Affected: 1.6.0
    Affected: 1.5.0
    Affected: 1.4.0
    Affected: 1.3.0
    Affected: 1.2.0 , < 1.2.8 (custom)
    Affected: 1.1.0 , < 1.1.2 (custom)
    Affected: 0 , < 1.0.1 (custom)
        cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:32:06.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
              },
              {
                "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web3",
                "vendor": "solanalabs",
                "versions": [
                  {
                    "lessThan": "1.91.3",
                    "status": "affected",
                    "version": "1.91.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.90.2",
                    "status": "affected",
                    "version": "1.90",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.89.2",
                    "status": "affected",
                    "version": "1.89",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.88.0"
                  },
                  {
                    "lessThan": "1.87.7",
                    "status": "affected",
                    "version": "1.87.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.86.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.85.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.84.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.83.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.82.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.81.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.80.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.79.0"
                  },
                  {
                    "lessThan": "1.78.8",
                    "status": "affected",
                    "version": "1.78",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.77.4",
                    "status": "affected",
                    "version": "1.77",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.76.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.75.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.74.0"
                  },
                  {
                    "lessThan": "1.73.5",
                    "status": "affected",
                    "version": "1.73.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.72.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.71.0"
                  },
                  {
                    "lessThan": "1.70.4",
                    "status": "affected",
                    "version": "1.70.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.69.0"
                  },
                  {
                    "lessThan": "1.68.2",
                    "status": "affected",
                    "version": "1.68.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.67.3",
                    "status": "affected",
                    "version": "1.67.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.66.6",
                    "status": "affected",
                    "version": "1.66.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.65.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.64.0"
                  },
                  {
                    "lessThan": "1.63.2",
                    "status": "affected",
                    "version": "1.63.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.62.2",
                    "status": "affected",
                    "version": "1.62.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.61.2",
                    "status": "affected",
                    "version": "1.61.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.60.0"
                  },
                  {
                    "lessThan": "1.59.2",
                    "status": "affected",
                    "version": "1.59.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.58.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.57.0"
                  },
                  {
                    "lessThan": "1.56.3",
                    "status": "affected",
                    "version": "1.56.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.55.0"
                  },
                  {
                    "lessThan": "1.54.2",
                    "status": "affected",
                    "version": "1.54.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.53.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.52.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.51.0"
                  },
                  {
                    "lessThan": "1.50.2",
                    "status": "affected",
                    "version": "1.50.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.49.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.48.0"
                  },
                  {
                    "lessThan": "1.47.5",
                    "status": "affected",
                    "version": "1.47.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.46.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.45.0"
                  },
                  {
                    "lessThan": "1.44.4",
                    "status": "affected",
                    "version": "1.44.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.43.7",
                    "status": "affected",
                    "version": "1.43.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.42.0"
                  },
                  {
                    "lessThan": "1.41.11",
                    "status": "affected",
                    "version": "1.41.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.40.2",
                    "status": "affected",
                    "version": "1.40.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.39.2",
                    "status": "affected",
                    "version": "1.39.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.38.0"
                  },
                  {
                    "lessThan": "1.37.3",
                    "status": "affected",
                    "version": "1.37.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.36.0"
                  },
                  {
                    "lessThan": "1.35.2",
                    "status": "affected",
                    "version": "1.35.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.34.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.33.0"
                  },
                  {
                    "lessThan": "1.32.2",
                    "status": "affected",
                    "version": "1.32.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.31.0"
                  },
                  {
                    "lessThan": "1.30.3",
                    "status": "affected",
                    "version": "1.30.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.29.4",
                    "status": "affected",
                    "version": "1.29.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.28.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.27.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.26.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.25.0"
                  },
                  {
                    "lessThan": "1.24.3",
                    "status": "affected",
                    "version": "1.24.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.23.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.22.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.21.0"
                  },
                  {
                    "lessThan": "1.20.3",
                    "status": "affected",
                    "version": "1.20.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.19.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.18.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.17.0"
                  },
                  {
                    "lessThan": "1.16.2",
                    "status": "affected",
                    "version": "1.16.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.15.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.14.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.12.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.11.0"
                  },
                  {
                    "lessThan": "1.10.2",
                    "status": "affected",
                    "version": "1.10.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.9.2",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.8.0"
                  },
                  {
                    "lessThan": "1.7.2",
                    "status": "affected",
                    "version": "1.7.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.6.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.0"
                  },
                  {
                    "lessThan": "1.2.8",
                    "status": "affected",
                    "version": "1.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.1.2",
                    "status": "affected",
                    "version": "1.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:18:35.271487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:05:27.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "solana-web3.js",
              "vendor": "solana-labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.91.0, \u003c 1.91.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.90, \u003c 1.90.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.89, \u003c 1.89.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.88.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e=1.87.0, \u003c 1.87.7"
                },
                {
                  "status": "affected",
                  "version": "= 1.86.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.85.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.84.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.83.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.82.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.81.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.80.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.79.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.78, \u003c 1.78.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.77, \u003c 1.77.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.76.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.75.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.74.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.73.0, \u003c 1.73.5"
                },
                {
                  "status": "affected",
                  "version": "= 1.72.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.71.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.70.0, \u003c 1.70.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.69.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.68.0, \u003c 1.68.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.67.0, \u003c 1.67.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.66.0, \u003c 1.66.6"
                },
                {
                  "status": "affected",
                  "version": "= 1.65.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.64.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.63.0, \u003c 1.63.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.62.0, \u003c 1.62.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.61.0, \u003c 1.61.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.60.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.59.0, \u003c 1.59.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.58.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.57.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.56.0, \u003c 1.56.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.55.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.54.0, \u003c 1.54.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.53.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.52.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.51.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.50.0, \u003c 1.50.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.49.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.48.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.47.0, \u003c 1.47.5"
                },
                {
                  "status": "affected",
                  "version": "= 1.46.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.45.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.44.0, \u003c 1.44.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.43.0, \u003c 1.43.7"
                },
                {
                  "status": "affected",
                  "version": "= 1.42.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.41.0, \u003c 1.41.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.40.0, \u003c 1.40.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.39.0, \u003c 1.39.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.38.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.37.0, \u003c 1.37.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.36.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.35.0, \u003c 1.35.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.34.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.33.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.32.0, \u003c 1.32.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.31.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.30.0, \u003c 1.30.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.29.0, \u003c 1.29.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.28.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.27.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.26.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.25.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.24.0, \u003c 1.24.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.23.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.22.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.21.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.20.0, \u003c 1.20.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.19.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.18.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.17.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.16.0, \u003c 1.16.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.15.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.14.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.13.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.12.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.2"
                },
                {
                  "status": "affected",
                  "version": " \u003e= 1.9.0, \u003c 1.9.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.0, \u003c 1.7.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.6.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.5.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.4.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.2.0, \u003c 1.2.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.1.0, \u003c 1.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T19:48:46.105Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
            },
            {
              "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
            }
          ],
          "source": {
            "advisory": "GHSA-8m45-2rjm-j347",
            "discovery": "UNKNOWN"
          },
          "title": "Handling untrusted input can result in a crash, leading to loss of availability / denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-30253",
        "datePublished": "2024-04-17T15:07:27.546Z",
        "dateReserved": "2024-03-26T12:52:00.933Z",
        "dateUpdated": "2024-08-21T15:05:27.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-54134 (GCVE-0-2024-54134)

    Vulnerability from cvelistv5 – Published: 2024-12-04 15:20 – Updated: 2024-12-04 21:40
    VLAI
    Title
    @solana/web3.js modified package published to npm, containing malware that exfiltrates private key material
    Summary
    A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    solana-labs solana-web3.js Affected: >= 1.95.6, < 1.95.8
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-54134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-04T19:13:52.817690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T21:40:13.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "solana-web3.js",
              "vendor": "solana-labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.95.6, \u003c 1.95.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-04T15:20:54.084Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-jcxm-7wvp-g6p5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-jcxm-7wvp-g6p5"
            }
          ],
          "source": {
            "advisory": "GHSA-jcxm-7wvp-g6p5",
            "discovery": "UNKNOWN"
          },
          "title": "@solana/web3.js modified package published to npm, containing malware that exfiltrates private key material"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-54134",
        "datePublished": "2024-12-04T15:20:54.084Z",
        "dateReserved": "2024-11-29T18:02:16.754Z",
        "dateUpdated": "2024-12-04T21:40:13.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30253 (GCVE-0-2024-30253)

    Vulnerability from cvelistv5 – Published: 2024-04-17 15:07 – Updated: 2024-08-21 15:05
    VLAI
    Title
    Handling untrusted input can result in a crash, leading to loss of availability / denial of service
    Summary
    @solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    solana-labs solana-web3.js Affected: >= 1.91.0, < 1.91.3
    Affected: >= 1.90, < 1.90.2
    Affected: >= 1.89, < 1.89.2
    Affected: = 1.88.0
    Affected: >=1.87.0, < 1.87.7
    Affected: = 1.86.0
    Affected: = 1.85.0
    Affected: = 1.84.0
    Affected: = 1.83.0
    Affected: = 1.82.0
    Affected: = 1.81.0
    Affected: = 1.80.0
    Affected: = 1.79.0
    Affected: >= 1.78, < 1.78.8
    Affected: >= 1.77, < 1.77.4
    Affected: = 1.76.0
    Affected: = 1.75.0
    Affected: = 1.74.0
    Affected: >= 1.73.0, < 1.73.5
    Affected: = 1.72.0
    Affected: = 1.71.0
    Affected: >= 1.70.0, < 1.70.4
    Affected: = 1.69.0
    Affected: >= 1.68.0, < 1.68.2
    Affected: >= 1.67.0, < 1.67.3
    Affected: >= 1.66.0, < 1.66.6
    Affected: = 1.65.0
    Affected: = 1.64.0
    Affected: >= 1.63.0, < 1.63.2
    Affected: >= 1.62.0, < 1.62.2
    Affected: >= 1.61.0, < 1.61.2
    Affected: = 1.60.0
    Affected: >= 1.59.0, < 1.59.2
    Affected: = 1.58.0
    Affected: = 1.57.0
    Affected: >= 1.56.0, < 1.56.3
    Affected: = 1.55.0
    Affected: >= 1.54.0, < 1.54.2
    Affected: = 1.53.0
    Affected: = 1.52.0
    Affected: = 1.51.0
    Affected: >= 1.50.0, < 1.50.2
    Affected: = 1.49.0
    Affected: = 1.48.0
    Affected: >= 1.47.0, < 1.47.5
    Affected: = 1.46.0
    Affected: = 1.45.0
    Affected: >= 1.44.0, < 1.44.4
    Affected: >= 1.43.0, < 1.43.7
    Affected: = 1.42.0
    Affected: >= 1.41.0, < 1.41.11
    Affected: >= 1.40.0, < 1.40.2
    Affected: >= 1.39.0, < 1.39.2
    Affected: = 1.38.0
    Affected: >= 1.37.0, < 1.37.3
    Affected: = 1.36.0
    Affected: >= 1.35.0, < 1.35.2
    Affected: = 1.34.0
    Affected: = 1.33.0
    Affected: >= 1.32.0, < 1.32.2
    Affected: = 1.31.0
    Affected: >= 1.30.0, < 1.30.3
    Affected: >= 1.29.0, < 1.29.4
    Affected: = 1.28.0
    Affected: = 1.27.0
    Affected: = 1.26.0
    Affected: = 1.25.0
    Affected: >= 1.24.0, < 1.24.3
    Affected: = 1.23.0
    Affected: = 1.22.0
    Affected: = 1.21.0
    Affected: >= 1.20.0, < 1.20.3
    Affected: = 1.19.0
    Affected: = 1.18.0
    Affected: = 1.17.0
    Affected: >= 1.16.0, < 1.16.2
    Affected: = 1.15.0
    Affected: = 1.14.0
    Affected: = 1.13.0
    Affected: = 1.12.0
    Affected: = 1.11.0
    Affected: >= 1.10.0, < 1.10.2
    Affected: >= 1.9.0, < 1.9.2
    Affected: = 1.8.0
    Affected: >= 1.7.0, < 1.7.2
    Affected: = 1.6.0
    Affected: = 1.5.0
    Affected: = 1.4.0
    Affected: = 1.3.0
    Affected: >= 1.2.0, < 1.2.8
    Affected: >= 1.1.0, < 1.1.2
    Affected: < 1.0.1
    Create a notification for this product.
    solanalabs web3 Affected: 1.91.0 , < 1.91.3 (custom)
    Affected: 1.90 , < 1.90.2 (custom)
    Affected: 1.89 , < 1.89.2 (custom)
    Affected: 1.88.0
    Affected: 1.87.0 , < 1.87.7 (custom)
    Affected: 1.86.0
    Affected: 1.85.0
    Affected: 1.84.0
    Affected: 1.83.0
    Affected: 1.82.0
    Affected: 1.81.0
    Affected: 1.80.0
    Affected: 1.79.0
    Affected: 1.78 , < 1.78.8 (custom)
    Affected: 1.77 , < 1.77.4 (custom)
    Affected: 1.76.0
    Affected: 1.75.0
    Affected: 1.74.0
    Affected: 1.73.0 , < 1.73.5 (custom)
    Affected: 1.72.0
    Affected: 1.71.0
    Affected: 1.70.0 , < 1.70.4 (custom)
    Affected: 1.69.0
    Affected: 1.68.0 , < 1.68.2 (custom)
    Affected: 1.67.0 , < 1.67.3 (custom)
    Affected: 1.66.0 , < 1.66.6 (custom)
    Affected: 1.65.0
    Affected: 1.64.0
    Affected: 1.63.0 , < 1.63.2 (custom)
    Affected: 1.62.0 , < 1.62.2 (custom)
    Affected: 1.61.0 , < 1.61.2 (custom)
    Affected: 1.60.0
    Affected: 1.59.0 , < 1.59.2 (custom)
    Affected: 1.58.0
    Affected: 1.57.0
    Affected: 1.56.0 , < 1.56.3 (custom)
    Affected: 1.55.0
    Affected: 1.54.0 , < 1.54.2 (custom)
    Affected: 1.53.0
    Affected: 1.52.0
    Affected: 1.51.0
    Affected: 1.50.0 , < 1.50.2 (custom)
    Affected: 1.49.0
    Affected: 1.48.0
    Affected: 1.47.0 , < 1.47.5 (custom)
    Affected: 1.46.0
    Affected: 1.45.0
    Affected: 1.44.0 , < 1.44.4 (custom)
    Affected: 1.43.0 , < 1.43.7 (custom)
    Affected: 1.42.0
    Affected: 1.41.0 , < 1.41.11 (custom)
    Affected: 1.40.0 , < 1.40.2 (custom)
    Affected: 1.39.0 , < 1.39.2 (custom)
    Affected: 1.38.0
    Affected: 1.37.0 , < 1.37.3 (custom)
    Affected: 1.36.0
    Affected: 1.35.0 , < 1.35.2 (custom)
    Affected: 1.34.0
    Affected: 1.33.0
    Affected: 1.32.0 , < 1.32.2 (custom)
    Affected: 1.31.0
    Affected: 1.30.0 , < 1.30.3 (custom)
    Affected: 1.29.0 , < 1.29.4 (custom)
    Affected: 1.28.0
    Affected: 1.27.0
    Affected: 1.26.0
    Affected: 1.25.0
    Affected: 1.24.0 , < 1.24.3 (custom)
    Affected: 1.23.0
    Affected: 1.22.0
    Affected: 1.21.0
    Affected: 1.20.0 , < 1.20.3 (custom)
    Affected: 1.19.0
    Affected: 1.18.0
    Affected: 1.17.0
    Affected: 1.16.0 , < 1.16.2 (custom)
    Affected: 1.15.0
    Affected: 1.14.0
    Affected: 1.13.0
    Affected: 1.12.0
    Affected: 1.11.0
    Affected: 1.10.0 , < 1.10.2 (custom)
    Affected: 1.9.0 , < 1.9.2 (custom)
    Affected: 1.8.0
    Affected: 1.7.0 , < 1.7.2 (custom)
    Affected: 1.6.0
    Affected: 1.5.0
    Affected: 1.4.0
    Affected: 1.3.0
    Affected: 1.2.0 , < 1.2.8 (custom)
    Affected: 1.1.0 , < 1.1.2 (custom)
    Affected: 0 , < 1.0.1 (custom)
        cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:32:06.308Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
              },
              {
                "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:solanalabs:web3:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "web3",
                "vendor": "solanalabs",
                "versions": [
                  {
                    "lessThan": "1.91.3",
                    "status": "affected",
                    "version": "1.91.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.90.2",
                    "status": "affected",
                    "version": "1.90",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.89.2",
                    "status": "affected",
                    "version": "1.89",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.88.0"
                  },
                  {
                    "lessThan": "1.87.7",
                    "status": "affected",
                    "version": "1.87.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.86.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.85.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.84.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.83.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.82.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.81.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.80.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.79.0"
                  },
                  {
                    "lessThan": "1.78.8",
                    "status": "affected",
                    "version": "1.78",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.77.4",
                    "status": "affected",
                    "version": "1.77",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.76.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.75.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.74.0"
                  },
                  {
                    "lessThan": "1.73.5",
                    "status": "affected",
                    "version": "1.73.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.72.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.71.0"
                  },
                  {
                    "lessThan": "1.70.4",
                    "status": "affected",
                    "version": "1.70.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.69.0"
                  },
                  {
                    "lessThan": "1.68.2",
                    "status": "affected",
                    "version": "1.68.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.67.3",
                    "status": "affected",
                    "version": "1.67.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.66.6",
                    "status": "affected",
                    "version": "1.66.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.65.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.64.0"
                  },
                  {
                    "lessThan": "1.63.2",
                    "status": "affected",
                    "version": "1.63.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.62.2",
                    "status": "affected",
                    "version": "1.62.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.61.2",
                    "status": "affected",
                    "version": "1.61.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.60.0"
                  },
                  {
                    "lessThan": "1.59.2",
                    "status": "affected",
                    "version": "1.59.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.58.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.57.0"
                  },
                  {
                    "lessThan": "1.56.3",
                    "status": "affected",
                    "version": "1.56.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.55.0"
                  },
                  {
                    "lessThan": "1.54.2",
                    "status": "affected",
                    "version": "1.54.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.53.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.52.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.51.0"
                  },
                  {
                    "lessThan": "1.50.2",
                    "status": "affected",
                    "version": "1.50.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.49.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.48.0"
                  },
                  {
                    "lessThan": "1.47.5",
                    "status": "affected",
                    "version": "1.47.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.46.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.45.0"
                  },
                  {
                    "lessThan": "1.44.4",
                    "status": "affected",
                    "version": "1.44.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.43.7",
                    "status": "affected",
                    "version": "1.43.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.42.0"
                  },
                  {
                    "lessThan": "1.41.11",
                    "status": "affected",
                    "version": "1.41.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.40.2",
                    "status": "affected",
                    "version": "1.40.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.39.2",
                    "status": "affected",
                    "version": "1.39.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.38.0"
                  },
                  {
                    "lessThan": "1.37.3",
                    "status": "affected",
                    "version": "1.37.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.36.0"
                  },
                  {
                    "lessThan": "1.35.2",
                    "status": "affected",
                    "version": "1.35.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.34.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.33.0"
                  },
                  {
                    "lessThan": "1.32.2",
                    "status": "affected",
                    "version": "1.32.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.31.0"
                  },
                  {
                    "lessThan": "1.30.3",
                    "status": "affected",
                    "version": "1.30.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.29.4",
                    "status": "affected",
                    "version": "1.29.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.28.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.27.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.26.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.25.0"
                  },
                  {
                    "lessThan": "1.24.3",
                    "status": "affected",
                    "version": "1.24.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.23.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.22.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.21.0"
                  },
                  {
                    "lessThan": "1.20.3",
                    "status": "affected",
                    "version": "1.20.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.19.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.18.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.17.0"
                  },
                  {
                    "lessThan": "1.16.2",
                    "status": "affected",
                    "version": "1.16.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.15.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.14.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.13.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.12.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.11.0"
                  },
                  {
                    "lessThan": "1.10.2",
                    "status": "affected",
                    "version": "1.10.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.9.2",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.8.0"
                  },
                  {
                    "lessThan": "1.7.2",
                    "status": "affected",
                    "version": "1.7.0",
                    "versionType": "custom"
                  },
                  {
                    "status": "affected",
                    "version": "1.6.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.4.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.3.0"
                  },
                  {
                    "lessThan": "1.2.8",
                    "status": "affected",
                    "version": "1.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.1.2",
                    "status": "affected",
                    "version": "1.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "1.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:18:35.271487Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T15:05:27.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "solana-web3.js",
              "vendor": "solana-labs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.91.0, \u003c 1.91.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.90, \u003c 1.90.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.89, \u003c 1.89.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.88.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e=1.87.0, \u003c 1.87.7"
                },
                {
                  "status": "affected",
                  "version": "= 1.86.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.85.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.84.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.83.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.82.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.81.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.80.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.79.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.78, \u003c 1.78.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.77, \u003c 1.77.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.76.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.75.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.74.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.73.0, \u003c 1.73.5"
                },
                {
                  "status": "affected",
                  "version": "= 1.72.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.71.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.70.0, \u003c 1.70.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.69.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.68.0, \u003c 1.68.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.67.0, \u003c 1.67.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.66.0, \u003c 1.66.6"
                },
                {
                  "status": "affected",
                  "version": "= 1.65.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.64.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.63.0, \u003c 1.63.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.62.0, \u003c 1.62.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.61.0, \u003c 1.61.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.60.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.59.0, \u003c 1.59.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.58.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.57.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.56.0, \u003c 1.56.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.55.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.54.0, \u003c 1.54.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.53.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.52.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.51.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.50.0, \u003c 1.50.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.49.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.48.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.47.0, \u003c 1.47.5"
                },
                {
                  "status": "affected",
                  "version": "= 1.46.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.45.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.44.0, \u003c 1.44.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.43.0, \u003c 1.43.7"
                },
                {
                  "status": "affected",
                  "version": "= 1.42.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.41.0, \u003c 1.41.11"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.40.0, \u003c 1.40.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.39.0, \u003c 1.39.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.38.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.37.0, \u003c 1.37.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.36.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.35.0, \u003c 1.35.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.34.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.33.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.32.0, \u003c 1.32.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.31.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.30.0, \u003c 1.30.3"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.29.0, \u003c 1.29.4"
                },
                {
                  "status": "affected",
                  "version": "= 1.28.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.27.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.26.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.25.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.24.0, \u003c 1.24.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.23.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.22.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.21.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.20.0, \u003c 1.20.3"
                },
                {
                  "status": "affected",
                  "version": "= 1.19.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.18.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.17.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.16.0, \u003c 1.16.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.15.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.14.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.13.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.12.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.10.0, \u003c 1.10.2"
                },
                {
                  "status": "affected",
                  "version": " \u003e= 1.9.0, \u003c 1.9.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.7.0, \u003c 1.7.2"
                },
                {
                  "status": "affected",
                  "version": "= 1.6.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.5.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.4.0"
                },
                {
                  "status": "affected",
                  "version": "= 1.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.2.0, \u003c 1.2.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 1.1.0, \u003c 1.1.2"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T19:48:46.105Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-8m45-2rjm-j347"
            },
            {
              "name": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/solana-labs/solana-web3.js/commit/77d935221a4805107b20b60ae7c1148725e4e2d0"
            }
          ],
          "source": {
            "advisory": "GHSA-8m45-2rjm-j347",
            "discovery": "UNKNOWN"
          },
          "title": "Handling untrusted input can result in a crash, leading to loss of availability / denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-30253",
        "datePublished": "2024-04-17T15:07:27.546Z",
        "dateReserved": "2024-03-26T12:52:00.933Z",
        "dateUpdated": "2024-08-21T15:05:27.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }