@ensdomains/ens/.../ens@0.3.4 vulnerabilities

Implementations for registrars and local resolvers for the Ethereum Name Service

  • latest version

    0.6.2

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    3 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @ensdomains/ens package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Improper Authorization

    @ensdomains/ens is an implementation for registrars and local resolvers for the Ethereum Name Service.

    Affected versions of this package are vulnerable to Improper Authorization. A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness

    How to fix Improper Authorization?

    Upgrade @ensdomains/ens to version 0.4.0 or higher.

    <0.4.0