Home > Vulnerability Database > MSC-2024-17462

Mend.io Vulnerability Database

MSC-2024-17462

Good to know:

Date: December 4, 2024

A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of this package. These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets. We recommend either upgrading to the latest safe version - 1.95.8. or downgrading back to 1.95.5

Language: JS

Severity Score

8.6

Related Resources (4)

Url: https://github.com/advisories/GHSA-2mhj-xmf4-pr8m

Url: https://my.diffend.io/npm/@solana/web3.js/prev/1.95.7

Url: https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html

Url: https://www.mend.io/vulnerability-database/MSC-2024-17462

Severity Score

8.6

Weakness Type (CWE)

Embedded Malicious Code

CWE-506

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

MSC-2024-17462

Good to know:

Date: December 4, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?