MEDIUM 4.3 PyPI
missing clamps for decimal args in external functions
GHSA-c7pr-343r-5c46 · CVE-2021-41122 · PYSEC-2021-366
Description
Impact
The following code does not properly validate that its input is in bounds.
@external
def foo(x: decimal) -> decimal:
    return x
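The missing check, modelled in Python as an added example (this is not Vyper's compiler code or the fix in #2447). The decimal range and the 10-place scaling are assumptions based on Vyper's documented decimal type at the time, and the selector in the constructed calldata is a placeholder.

```python
# Added example: the range check ("clamp") for one ABI-encoded decimal argument.
# Assumption (not stated on the page): decimal is a signed fixed-point value
# with 10 decimal places and range [-2**127, 2**127 - 1], passed as one
# 32-byte two's-complement word holding value * 10**10.
DECIMAL_DIVISOR = 10 ** 10
MIN_DECIMAL = -(2 ** 127) * DECIMAL_DIVISOR
MAX_DECIMAL = (2 ** 127 - 1) * DECIMAL_DIVISOR


class OutOfBounds(ValueError):
    """Raised where a contract with the clamp in place would revert."""


def decode_word(calldata: bytes, arg_index: int = 0) -> int:
    """Return argument slot arg_index as a signed 256-bit integer."""
    start = 4 + 32 * arg_index  # skip the 4-byte function selector
    word = calldata[start:start + 32]
    if len(word) != 32:
        raise ValueError("calldata too short for argument")
    return int.from_bytes(word, "big", signed=True)


def clamp_decimal(raw: int) -> int:
    """Return raw unchanged if it is a valid scaled decimal, else raise."""
    if not MIN_DECIMAL <= raw <= MAX_DECIMAL:
        raise OutOfBounds(f"{raw} is outside the decimal range")
    return raw


def encode_call(raw: int, selector: bytes = b"\x00\x00\x00\x00") -> bytes:
    """Build constructed calldata; the selector is a placeholder."""
    return selector + raw.to_bytes(32, "big", signed=True)


def accepts(calldata: bytes) -> bool:
    """True if the first argument passes the decimal clamp."""
    try:
        clamp_decimal(decode_word(calldata))
        return True
    except OutOfBounds:
        return False


if __name__ == "__main__":
    # Constructed sample values, given as scaled integers.
    samples = {"1.5": 15 * 10 ** 9, "max": MAX_DECIMAL,
               "max + 1 unit": MAX_DECIMAL + 1, "largest word": 2 ** 255 - 1}
    for label, raw in samples.items():
        print(label, accepts(encode_call(raw)))
```

A 32-byte ABI word can hold far larger values than the decimal range, which is why the argument has to be checked at the external function boundary before the body uses it.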
Patches
0.3.0 / #2447
Workarounds
Don't use decimal args
References
- WEB https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-41122
- WEB https://github.com/vyperlang/vyper/pull/2447
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2021-366.yaml
- PACKAGE https://github.com/vyperlang/vyper