Improper Input Validation Affecting fuels package, versions <0.93.0
- Snyk ID SNYK-JS-FUELS-7574750
- published 31 Jul 2024
- disclosed 30 Jul 2024
- credit Unknown
Introduced: 30 Jul 2024
CVE-2024-41945
How to fix?
Upgrade fuels to version 0.93.0 or higher.
Overview
fuels is a Fuel TS SDK.
Affected versions of this package are vulnerable to Improper Input Validation via the fund function in the fuels-ts/packages/account/src/account.ts file, which gets the needed resources statelessly with the function getResourcesToSpend without taking already used UTXOs into consideration. This vulnerability will lead to unexpected SDK behaviour that could cause a transaction to not get included in the txpool or in a block, or a previous transaction to silently get removed from the txpool and be replaced with a new one.
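A simplified model of the behaviour described above, added here as an illustration and not taken from fuels-ts: a stateless selector hands the same UTXO to two consecutive transactions, while a selector that remembers already used UTXOs does not. All names (Utxo, WALLET, pick, selectStateless, TrackingSelector, sharedInputs) and the wallet contents are constructed assumptions, and the tracking approach is one possible mitigation, not a description of the 0.93.0 change.

```typescript
// Illustrative model only; none of these names exist in the fuels SDK.
type Utxo = { id: string; amount: number };

// Constructed sample wallet: three unspent outputs.
const WALLET: Utxo[] = [
  { id: "utxo-a", amount: 60 },
  { id: "utxo-b", amount: 50 },
  { id: "utxo-c", amount: 40 },
];

// Greedy selection: take candidates in order until the target is covered.
function pick(candidates: Utxo[], target: number): Utxo[] {
  const chosen: Utxo[] = [];
  let total = 0;
  for (const u of candidates) {
    if (total >= target) break;
    chosen.push(u);
    total += u.amount;
  }
  if (total < target) throw new Error("insufficient unreserved funds");
  return chosen;
}

// Stateless: every call sees the whole wallet, so two transactions funded
// back to back receive the same inputs and conflict in the txpool.
function selectStateless(target: number): Utxo[] {
  return pick(WALLET, target);
}

// Stateful: outputs already handed to a pending transaction are excluded,
// and the caller gets an error instead of a silently conflicting transaction.
class TrackingSelector {
  private used: string[] = [];
  select(target: number): Utxo[] {
    const free = WALLET.filter((u) => this.used.indexOf(u.id) === -1);
    const chosen = pick(free, target);
    for (const u of chosen) this.used.push(u.id);
    return chosen;
  }
}

// Ids of inputs that appear in both transactions (empty means no conflict).
function sharedInputs(a: Utxo[], b: Utxo[]): string[] {
  const ids = a.map((u) => u.id);
  return b.filter((u) => ids.indexOf(u.id) !== -1).map((u) => u.id);
}
```

A non-empty result from sharedInputs for two pending transactions is the condition to alert on or reject before submission.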