Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36430?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36430?format=api", "vulnerability_id": "VCID-pvjj-s95r-u3f7", "summary": "Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.", "aliases": [ { "alias": "CVE-2023-30629" }, { "alias": "GHSA-w9g2-3w7p-72g9" }, { "alias": "PYSEC-2023-131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33500?format=api", "purl": "pkg:pypi/vyper@0.3.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-pcsz-xwb8-7yh4" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.8" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27455?format=api", "purl": "pkg:pypi/vyper@0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-6u3h-yjk9-nbhx" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-8jrz-6s9h-4bfh" }, { "vulnerability": "VCID-8qex-3tef-skby" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-unvz-641j-6qat" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/27456?format=api", "purl": "pkg:pypi/vyper@0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-8qex-3tef-skby" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/27893?format=api", "purl": "pkg:pypi/vyper@0.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-8qex-3tef-skby" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/27894?format=api", "purl": "pkg:pypi/vyper@0.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/33497?format=api", "purl": "pkg:pypi/vyper@0.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/33498?format=api", "purl": "pkg:pypi/vyper@0.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/33499?format=api", "purl": "pkg:pypi/vyper@0.3.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1q3x-5eug-afdg" }, { "vulnerability": "VCID-1r9c-w5zc-6ker" }, { "vulnerability": "VCID-27ed-mhnf-ykgz" }, { "vulnerability": "VCID-297e-aexx-ykea" }, { "vulnerability": "VCID-3f9m-vgt7-m7gg" }, { "vulnerability": "VCID-5zbv-sgt1-y3be" }, { "vulnerability": "VCID-7nbf-6rd9-2uap" }, { "vulnerability": "VCID-a8ph-1jta-uka1" }, { "vulnerability": "VCID-br4v-y1ka-wbh2" }, { "vulnerability": "VCID-c8rf-ec8a-gybs" }, { "vulnerability": "VCID-cp7n-z6w9-k3bn" }, { "vulnerability": "VCID-cpb5-3f58-5ueb" }, { "vulnerability": "VCID-djvb-mdjy-b7g5" }, { "vulnerability": "VCID-edbb-gb6x-7kby" }, { "vulnerability": "VCID-h6ck-r6j1-yuhp" }, { "vulnerability": "VCID-m355-31jd-1kfq" }, { "vulnerability": "VCID-mw5j-2jm9-j3dv" }, { "vulnerability": "VCID-pvjj-s95r-u3f7" }, { "vulnerability": "VCID-qfyr-upmm-duea" }, { "vulnerability": "VCID-shx9-8v43-9qem" }, { "vulnerability": "VCID-sy1y-q8ym-f3ft" }, { "vulnerability": "VCID-vchm-6wyg-83hk" }, { "vulnerability": "VCID-vz6u-kbjy-hkfc" }, { "vulnerability": "VCID-wc7x-rsqa-bkcm" }, { "vulnerability": "VCID-wmen-dnf4-2kef" }, { "vulnerability": "VCID-x4dz-scmh-b7dj" }, { "vulnerability": "VCID-x6fh-e77r-pycx" }, { "vulnerability": "VCID-zkhz-ckgg-hkat" }, { "vulnerability": "VCID-zsnu-88np-fyet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/vyper@0.3.7" } ], "references": [ { "reference_url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://docs.vyperlang.org/en/v0.3.7/built-in-functions.html#raw_call" }, { "reference_url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/lidofinance/gate-seals/blob/051593e74df01a4131c485b4fda52e691cd4b7d8/contracts/GateSeal.vy#L164" }, { "reference_url": "https://github.com/lidofinance/gate-seals/pull/5/files", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/lidofinance/gate-seals/pull/5/files" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-131.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2023-131.yaml" }, { "reference_url": "https://github.com/vyperlang/vyper", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/vyperlang/vyper" }, { "reference_url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/vyperlang/vyper/commit/851f7a1b3aa2a36fd041e3d0ed38f9355a58c8ae" }, { "reference_url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-w9g2-3w7p-72g9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30629", "reference_id": "CVE-2023-30629", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30629" }, { "reference_url": "https://github.com/advisories/GHSA-w9g2-3w7p-72g9", "reference_id": "GHSA-w9g2-3w7p-72g9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w9g2-3w7p-72g9" } ], "weaknesses": [ { "cwe_id": 670, "name": "Always-Incorrect Control Flow Implementation", "description": "The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.5 - 7.5", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvjj-s95r-u3f7" }