Open mend-bolt-for-github[bot] opened 4 months ago
eth_abi: Python utilities for working with Ethereum ABI definitions, especially encoding and decoding
Library home page: https://files.pythonhosted.org/packages/3f/72/3cf3398c1c9c0f5fadacfdb2fb2a6e728c37f823af86eded2e3f0f9ddfcc/eth_abi-2.2.0-py3-none-any.whl
Path to dependency file: /blockchain/requirements.txt
Path to vulnerable library: /blockchain/requirements.txt
Found in HEAD commit: 56243b6f6a9d69dc996086fd1497f2255877936c
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **eth_abi-2.2.0-py3-none-any.whl** (Vulnerable Library)
Found in base branch: main
Ethereum ABI decoder prior to 4.2.0 is vulnerable to DoS when parsing ZST.
Publish Date: 2024-11-03
URL: WS-2023-0428
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
Type: Upgrade version
Origin: https://github.com/ethereum/eth-abi/security/advisories/GHSA-rqr8-pxh7-cq3g
Release Date: 2023-11-23
Fix Resolution: eth-abi - 4.2.0
eth_abi: Python utilities for working with Ethereum ABI definitions, especially encoding and decoding
Library home page: https://files.pythonhosted.org/packages/3f/72/3cf3398c1c9c0f5fadacfdb2fb2a6e728c37f823af86eded2e3f0f9ddfcc/eth_abi-2.2.0-py3-none-any.whl
Path to dependency file: /blockchain/requirements.txt
Path to vulnerable library: /blockchain/requirements.txt
Found in HEAD commit: 56243b6f6a9d69dc996086fd1497f2255877936c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2023-0428
### Vulnerable Library - eth_abi-2.2.0-py3-none-any.whleth_abi: Python utilities for working with Ethereum ABI definitions, especially encoding and decoding
Library home page: https://files.pythonhosted.org/packages/3f/72/3cf3398c1c9c0f5fadacfdb2fb2a6e728c37f823af86eded2e3f0f9ddfcc/eth_abi-2.2.0-py3-none-any.whl
Path to dependency file: /blockchain/requirements.txt
Path to vulnerable library: /blockchain/requirements.txt
Dependency Hierarchy: - :x: **eth_abi-2.2.0-py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 56243b6f6a9d69dc996086fd1497f2255877936c
Found in base branch: main
### Vulnerability DetailsEthereum ABI decoder prior to 4.2.0 is vulnerable to DoS when parsing ZST.
Publish Date: 2024-11-03
URL: WS-2023-0428
### CVSS 3 Score Details (4.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: Low
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/ethereum/eth-abi/security/advisories/GHSA-rqr8-pxh7-cq3g
Release Date: 2023-11-23
Fix Resolution: eth-abi - 4.2.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)