Function Call With Incorrect Order of Arguments Affecting vyper package, versions [,0.3.8)
Threat Intelligence
EPSS
0.08% (36th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-VYPER-5529831
- published 12 May 2023
- disclosed 12 May 2023
- credit Unknown
Introduced: 12 May 2023
CVE-2023-32059 Open this link in a new tabHow to fix?
Upgrade vyper
to version 0.3.8 or higher.
Overview
vyper is a Pythonic Smart Contract Language for the EVM.
Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments when processing default keyword arguments for internal calls, which are added from left to right rather than from right to left. If the types are incompatible typechecking is bypassed.
NOTE: The ability to pass kwargs to internal functions is an undocumented feature.
References
CVSS Scores
version 3.1