PYSEC-2023-305

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/vyper/PYSEC-2023-305.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2023-305

Aliases

Published

2023-09-18T21:16:00Z

Modified

2024-11-21T14:57:14.248607Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant("") or @nonreentrant('') do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.

References

Affected packages

PyPI / vyper

Package

Name: vyper; View open source insights on deps.dev
Purl: pkg:pypi/vyper

Affected ranges

Type: GIT
Repo: https://github.com/vyperlang/vyper
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0b740280c1e3c5528a20d47b29831948ddcc6d83

Type: ECOSYSTEM
Events: Introduced

0.2.9

Fixed

0.3.10

Affected versions

0.*

0.2.9

0.2.10

0.2.11

0.2.12

0.2.13

0.2.14

0.2.15

0.2.16

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.3.9

0.3.10rc1

0.3.10rc2

0.3.10rc3

0.3.10rc4

0.3.10rc5