@ensdomains/ens/.../ens@0.3.0 vulnerabilities

Implementations for registrars and local resolvers for the Ethereum Name Service

latest version

0.6.2

latest non vulnerable version

0.6.2

first published

6 years ago

latest version published

3 years ago

deprecated

Package is deprecated

licenses detected

CC0-1.0
>=0

View ens package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @ensdomains/ens package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Authorization @ensdomains/ens is an implementation for registrars and local resolvers for the Ethereum Name Service. Affected versions of this package are vulnerable to Improper Authorization. A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness How to fix Improper Authorization? Upgrade `@ensdomains/ens` to version 0.4.0 or higher.	<0.4.0

Improper Authorization

@ensdomains/ens is an implementation for registrars and local resolvers for the Ethereum Name Service.

Affected versions of this package are vulnerable to Improper Authorization. A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness

How to fix Improper Authorization?

Upgrade @ensdomains/ens to version 0.4.0 or higher.

<0.4.0

Go back to all versions of this package