GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

GHSA-9crc-q9x8-hgqq: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

Due to a missing signature (HMAC) for a request argument, an attacker could unserialize arbitrary objects within FLOW3.

To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the FLOW3 Base Distribution. However, there might be exploitable objects within user applications.

**Insecure deserialize Vulnerability in FLOW3**

Low severity GitHub Reviewed Published May 17, 2024 to the GitHub Advisory Database • Updated May 17, 2024

Headline

GHSA-7h74-7vcw-4mwp: Insecure deserialize Vulnerability in FLOW3

ghsa: Latest News