Improper Input Validation Affecting vyper package, versions [,0.3.0)
Threat Intelligence
EPSS
0.05% (23rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-VYPER-1728394
- published 6 Oct 2021
- disclosed 6 Oct 2021
- credit Unknown
Introduced: 6 Oct 2021
CVE-2021-41122 Open this link in a new tabHow to fix?
Upgrade vyper
to version 0.3.0 or higher.
Overview
vyper is a Pythonic Smart Contract Language for the EVM.
Affected versions of this package are vulnerable to Improper Input Validation. External functions do not properly validate the bounds of decimal arguments, which can lead to logic errors.
References
CVSS Scores
version 3.1