Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40chainsafe/lodestar-cli@0.31.1-dev.41
Type npm
Namespace @chainsafe
Name lodestar-cli
Version 0.31.1-dev.41
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.36.0
Latest_non_vulnerable_version 0.36.0
Affected_by_vulnerabilities
0
url VCID-x77g-y3rq-ckeq
vulnerability_id VCID-x77g-y3rq-ckeq
summary
AttesterSlashing number overflow
### Impact

Possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain.

Since we represent `uint64` values as native JavaScript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view _valid_ `AttesterSlashing` or `ProposerSlashing` as _invalid_, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network.

Similarly, Lodestar may consider _invalid_ `ProposerSlashing` as _valid_, thus including them in proposed blocks that will be considered invalid by the network.

### Patches

https://github.com/ChainSafe/lodestar/pull/3977

### Workarounds

Use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so we will carefully use `BigInt` just where necessary for consensus.
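The following is an added illustration, not code from the Lodestar project or the advisory. It shows the two failure directions the advisory describes with a simplified version of the consensus-spec `is_slashable_attestation_data` check (double vote or surround vote): epoch values decoded into a JavaScript `number` lose precision above 2^53, so a genuine surround vote is rejected and a pair that is not slashable is accepted, while the same check over `BigInt` is exact. The sample epochs, roots and the `decode` helper are constructed for the example.

```javascript
// Added example, not from the Lodestar code base: why uint64 epochs held in a JS
// `number` misjudge slashings above 2^53, and how BigInt avoids it.

// Simplified form of the consensus-spec is_slashable_attestation_data check:
// a double vote (same target epoch, different data) or a surround vote.
// Works on Number or BigInt fields as long as both sides use the same type.
function isSlashableAttestationData(d1, d2) {
  const same = d1.source === d2.source && d1.target === d2.target && d1.root === d2.root;
  const doubleVote = !same && d1.target === d2.target;
  const surroundVote = d1.source < d2.source && d2.target < d1.target;
  return doubleVote || surroundVote;
}

// Decode the wire form (decimal strings standing in for SSZ uint64 fields) with a chosen converter.
// Hypothetical helper; real deserialization goes through the SSZ layer.
function decode(raw, toInt) {
  return { source: toInt(raw.source), target: toInt(raw.target), root: raw.root };
}

const asNumber = (s) => Number(s); // lossy: integers above 2^53 are rounded
const asBigInt = (s) => BigInt(s); // exact for the full uint64 range

// Constructed sample: a genuine surround vote whose source epochs differ by 1 just above 2^53.
const SURROUND = [
  { source: "9007199254740992", target: "9007199254740996", root: "0xaa" }, // 2^53,   2^53+4
  { source: "9007199254740993", target: "9007199254740994", root: "0xbb" }, // 2^53+1, 2^53+2
];

// Constructed sample: NOT slashable (target epochs differ by 1), yet the targets
// collapse to the same Number, which makes it look like a double vote.
const NOT_SLASHABLE = [
  { source: "9007199254740990", target: "9007199254740992", root: "0xcc" }, // target 2^53
  { source: "9007199254740990", target: "9007199254740993", root: "0xdd" }, // target 2^53+1
];

function judge(pair, toInt) {
  return isSlashableAttestationData(decode(pair[0], toInt), decode(pair[1], toInt));
}

// Evaluate both samples under both representations.
function report() {
  return {
    surroundAsNumber: judge(SURROUND, asNumber),   // false: a valid slashing is rejected
    surroundAsBigInt: judge(SURROUND, asBigInt),   // true
    bogusAsNumber: judge(NOT_SLASHABLE, asNumber), // true: an invalid slashing is accepted
    bogusAsBigInt: judge(NOT_SLASHABLE, asBigInt), // false
  };
}

console.log(report());
```

The `Number` path is the behaviour the advisory describes for versions before 0.36.0; the `BigInt` path matches the workaround of using `BigInt` only in the consensus-critical comparisons, since the cost of `BigInt` arithmetic is the reason it is not used for every `Slot` and `Epoch`.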
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-29219
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.6228
published_at 2026-06-05T12:55:00Z
1
value 0.0042
scoring_system epss
scoring_elements 0.6226
published_at 2026-06-08T12:55:00Z
2
value 0.0042
scoring_system epss
scoring_elements 0.62276
published_at 2026-06-07T12:55:00Z
3
value 0.0042
scoring_system epss
scoring_elements 0.62287
published_at 2026-06-06T12:55:00Z
4
value 0.0042
scoring_system epss
scoring_elements 0.62231
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-29219
1
reference_url https://github.com/ChainSafe/lodestar
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ChainSafe/lodestar
2
reference_url https://github.com/ChainSafe/lodestar/pull/3977
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ChainSafe/lodestar/pull/3977
3
reference_url https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ChainSafe/lodestar/releases/tag/v0.36.0
4
reference_url https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ChainSafe/lodestar/security/advisories/GHSA-cvj7-5f3c-9vg9
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-29219
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-29219
6
reference_url https://github.com/advisories/GHSA-cvj7-5f3c-9vg9
reference_id GHSA-cvj7-5f3c-9vg9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvj7-5f3c-9vg9
fixed_packages
0
url pkg:npm/%40chainsafe/lodestar-cli@0.36.0
purl pkg:npm/%40chainsafe/lodestar-cli@0.36.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540chainsafe/lodestar-cli@0.36.0
aliases CVE-2022-29219, GHSA-cvj7-5f3c-9vg9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x77g-y3rq-ckeq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540chainsafe/lodestar-cli@0.31.1-dev.41