Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/web3@0.20.7
Typenpm
Namespace
Nameweb3
Version0.20.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-9hm9-fg45-27gq
vulnerability_id VCID-9hm9-fg45-27gq
summary 
Insecure Credential Storage in web3
All versions of `web3` are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Site Scripting vulnerability to access the private key. No fix is currently available. Consider using an alternative module until a fix is made available.
references
0
reference_url https://github.com/ethereum/web3.js
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ethereum/web3.js
1
reference_url https://github.com/ethereum/web3.js/issues/2739
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/ethereum/web3.js/issues/2739
2
reference_url https://snyk.io/vuln/SNYK-JS-WEB3-174533
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-WEB3-174533
3
reference_url https://www.npmjs.com/advisories/877
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/advisories/877
4
reference_url https://github.com/advisories/GHSA-27v7-qhfv-rqq8
reference_id GHSA-27v7-qhfv-rqq8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27v7-qhfv-rqq8
fixed_packages
aliases GHSA-27v7-qhfv-rqq8, GMS-2019-66
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hm9-fg45-27gq
Fixing_vulnerabilities
Risk_score1.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/web3@0.20.7