nvd-json-data-feeds/CVE-2021/CVE-2021-411xx/CVE-2021-41122.json

{
  "id": "CVE-2021-41122",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2021-10-05T23:15:07.487",
  "lastModified": "2021-10-14T16:35:01.247",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0."
    },
    {
      "lang": "es",
      "value": "Vyper es un lenguaje de contrato inteligente de Python para el EVM. En las versiones afectadas, las funciones externas no comprueban correctamente los l\u00edmites de los argumentos decimales. Esto puede conllevar a errores l\u00f3gicos. Este problema ha sido resuelto en la versi\u00f3n 0.3.0"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-682"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:vyper_project:vyper:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "0.3.0",
              "matchCriteriaId": "FAC8B22A-4AA8-466C-8649-0380399A6779"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/vyperlang/vyper/pull/2447",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}