stellar-sdk@2.3.0 vulnerabilities

A library for working with the Stellar network, including communication with the Horizon and Soroban RPC servers.

Direct Vulnerabilities

Known vulnerabilities in the stellar-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Improper Authentication

stellar-sdk is a library for working with the Stellar Horizon server.

Affected versions of this package are vulnerable to Improper Authentication due to missing serverAccountID signature verification in Utils.readChallengeTx.

How to fix Improper Authentication?

Upgrade stellar-sdk to version 8.2.3 or higher.

Vulnerable versions: <8.2.3