{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-30543", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-12T15:19:33.767Z", "datePublished": "2023-04-17T21:02:20.566Z", "dateUpdated": "2025-02-05T20:44:45.955Z"}, "containers": {"cna": {"title": "`chainId` may be outdated if user changes chains as part of connection in @web3-react", "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "lang": "en", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g"}, {"name": "https://github.com/Uniswap/web3-react/pull/749", "tags": ["x_refsource_MISC"], "url": "https://github.com/Uniswap/web3-react/pull/749"}], "affected": [{"vendor": "Uniswap", "product": "web3-react", "versions": [{"version": "@web3-react/coinbase-wallet: >= 6, < 8.0.35-beta.0", "status": "affected"}, {"version": "@web3-react/eip1193: >= 6, < 8.0.27-beta.0", "status": "affected"}, {"version": "@web3-react/metamask: >= 6, < 8.0.30-beta.0", "status": "affected"}, {"version": "@web3-react/walletconnect: >= 6, < 8.0.37-beta.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-17T21:02:20.566Z"}, "descriptions": [{"lang": "en", "value": "@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\n"}], "source": {"advisory": "GHSA-8pf3-6fgr-3g3g", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.964Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g"}, {"name": "https://github.com/Uniswap/web3-react/pull/749", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Uniswap/web3-react/pull/749"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T20:44:39.524121Z", "id": "CVE-2023-30543", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:44:45.955Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "name": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/Uniswap/web3-react/pull/749", "name": "https://github.com/Uniswap/web3-react/pull/749", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:28:51.964Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-30543", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T20:44:39.524121Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:44:29.510Z"}}], "cna": {"title": "`chainId` may be outdated if user changes chains as part of connection in @web3-react", "source": {"advisory": "GHSA-8pf3-6fgr-3g3g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Uniswap", "product": "web3-react", "versions": [{"status": "affected", "version": "@web3-react/coinbase-wallet: >= 6, < 8.0.35-beta.0"}, {"status": "affected", "version": "@web3-react/eip1193: >= 6, < 8.0.27-beta.0"}, {"status": "affected", "version": "@web3-react/metamask: >= 6, < 8.0.30-beta.0"}, {"status": "affected", "version": "@web3-react/walletconnect: >= 6, < 8.0.37-beta.0"}]}], "references": [{"url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "name": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Uniswap/web3-react/pull/749", "name": "https://github.com/Uniswap/web3-react/pull/749", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-17T21:02:20.566Z"}}}, "cveMetadata": {"cveId": "CVE-2023-30543", "state": "PUBLISHED", "dateUpdated": "2025-02-05T20:44:45.955Z", "dateReserved": "2023-04-12T15:19:33.767Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-04-17T21:02:20.566Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "EEBFBE76-81D0-43F6-B053-204660EA69D8", "versionEndIncluding": "6.2.14", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.0:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "97D99617-066C-418D-94D8-4347CB79080F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.1:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "031B164B-0B30-47A5-99F9-431107CAAC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.2:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "867EF023-78A0-4DF1-9225-1A23F0B41FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.22:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3357042F-348C-4970-AD48-45318EBA869C", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.23:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "20DB4C57-49EA-4FF6-8AC6-370581D2D3F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.24:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F840A555-FBFD-4BEC-A3CE-F2D42948A9C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.25:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "7F5BCBDC-D135-4E68-91DF-2073AD6E3F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.26:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2C6DECF6-4481-47FE-9E84-BA68AB45CB18", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.27:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "A4EDC936-105D-42E5-ABC4-2309970F7E8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.28:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "115D9333-BAB9-4B1D-90C5-374757D77EBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.29:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "619AD668-2C0E-48A2-9EC7-4CEB4FEC8C0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.30:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "60EA6555-CEC5-4726-9F27-11464168CC60", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.31:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "EB7BDA79-CEFA-466D-B696-9B6B5FD46273", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.32:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "9B73A41C-7FF8-4C70-9E4D-D88A3B9E811A", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.33:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3C320420-064D-4A99-B361-588BAC742AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.34:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "1D85B19D-9264-49F8-B472-C5E26A3E3CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E9945BED-1282-445E-A141-B64DB4B774B1", "versionEndIncluding": "6.2.14", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:7.0.0:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "88E0A362-4D84-4BF8-82A5-119B1DBFA9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:7.0.1:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "1E311586-48D8-4B91-9C94-664BCE4DB774", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:7.0.2:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "E9095F45-86D2-41E7-A8E3-73CE5F2BF948", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.0:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "7026070E-CF9E-49CF-882E-DA832E97373E", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.1:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "037304D2-EC67-4A0F-B6A7-FA6AEEB087EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.2:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "7BA69DAA-B14D-457F-87DB-A16A11AC4401", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.3:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "CC86A96C-F9EA-4AAA-ADF7-FE9E51759265", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.4:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "4B096244-8479-4D38-9D51-5050F326B529", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.5:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "A1FA871A-D2F0-4D62-832D-AAF9E1E65EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.6:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "7F3DD9C1-4434-43A9-BA06-4BDA9B1238F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.7:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3895DD87-F00B-46CA-8940-9FA5AB2321C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.8:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "54DA795F-160A-4B14-9B1E-9C4AF2BDB290", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.9:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "FAC5FCA5-B513-4F33-B4A1-CF2DED498265", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.10:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F560CCFA-5CC1-439E-A765-13CF408C99E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.11:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B1DAF74A-591C-488E-BBF0-3D098DE64430", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.12:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "0A701642-A843-45B1-8051-E324CC84F17A", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.13:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "9383845D-5168-400C-ADC1-1E34EEE012CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.14:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "E6B03541-EB4E-4E2A-A353-497A6C7C6E8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.15:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "6CE2809F-9A2B-471B-A78E-51274067A33F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.16:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "11A4D81C-3932-4DAE-B716-BA221DA3B710", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.17:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "DB765028-E18F-4FB2-838D-D8694A21E1C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.18:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2F60F106-CB6B-46E9-B971-DE8B0C4EB5BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.19:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "BC840E7C-779D-43D7-A5CE-19C461F8A11A", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.20:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2F17D287-184C-4BED-B517-055E0A7DF245", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.21:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "5EAB98DE-05D8-47E6-B11C-236103DD2378", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.22:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "6E8552BF-0D0A-4B34-A75F-35693EF8C2D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.23:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F9395ADA-F9FC-4649-8DE3-38A95E25FDCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.24:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "93293BE4-5EB5-447C-A13E-777F2EEA8F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.25:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D0EF23D5-1295-44A5-883D-53A7EA7EFC68", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_eip1193:8.0.26:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "1987A468-04DC-46C3-A422-7FEFDBD5FEE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "9A952A54-631B-41CB-B6EE-949C7AB5FD98", "versionEndIncluding": "6.2.14", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.0:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2FD59F45-0C54-489C-95EC-D5D6BCF3BE76", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.1:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "C821AA73-2143-45DD-8EBC-480239A1E3AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.2:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "E4FCFFC4-2CDA-49EF-89D8-5D9BD42B456C", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.3:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "A205FCE5-74B4-4A14-882B-5CBB07A6B473", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.4:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "8787AAE0-BF4D-4E57-BF28-CE760AEDBAF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.5:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "0BFEF4F2-8C57-416C-8C46-1F2DC6D4ADBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.6:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "1FA03C82-B495-43DF-ABBE-2B81F19EFC10", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.7:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "316E2F68-1C06-4264-9EDB-EF605F66FA16", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.8:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "ED11C0C2-BE02-434E-9F95-76423EF75266", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.9:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B6FEDEF0-F462-4C73-B6F1-C054DF5E3413", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.10:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "4634A2DE-5D45-44CE-AAAE-8E0095F159F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.11:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "5F1B5D39-762F-4C5A-8484-D9A256BDB16F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.12:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "6522CB1E-4934-4AC1-A21F-850284525822", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.13:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F4E7904E-1FAB-4C67-8D1C-4C5DD337B0AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.14:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "764584DB-A387-4D03-B750-2DE84D87BC67", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.15:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "54152970-56DE-4B5E-B83D-EBC49E21BC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.16:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B6B625E4-486B-4B18-9E69-942854470587", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.17:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "19254D44-7BCE-4981-ADBB-3D10F9BACDAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.18:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "80479B38-2073-4A42-BEBE-E0B6DE7B3368", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.19:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "187C9F7C-192D-4B44-840A-F32EDF373733", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.20:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "87EF8A5D-8268-4913-9549-D9BBAB8AE0CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.21:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B79AC902-5E55-4864-AF4A-499FA84D78FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.22:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "060DAC18-584C-4D3E-99F4-C52761524551", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.23:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D82E7C03-C0AC-4854-95B6-D2D352C8B683", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.24:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "C8A6A915-5D90-4181-97AA-3149F676D3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.25:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D27FD8D0-8E87-47DE-B30F-D17ED01F1E72", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.26:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2DE0AA39-E51B-40E2-94B3-1FA051296A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.27:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "21DF3197-787E-4A6D-A9DD-5BDF8D8BE5D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.28:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "41D3FBBD-4E4C-4EA0-8E12-4D03345238A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_metamask:8.0.29:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D29E4061-1A92-48BD-BE9F-B86797484360", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "A12C8740-1891-4658-9A3E-9C203CBEE030", "versionEndIncluding": "6.2.14", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.0:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "099E7111-3B4A-4D47-A709-51B8E65D9759", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.1:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "3466C3DC-A21E-45CC-A6DF-F83075051BC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.2:alpha0:*:*:*:node.js:*:*", "matchCriteriaId": "5E76DC69-DFB1-4A1D-8E41-0F1482B58443", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.0:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "5DB50B68-080A-4959-8C6F-8D1A73C43A91", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.1:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D0D96752-4FAB-4449-ADE2-18E0BE8A0B42", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.2:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B27AE5A9-863E-4D87-890F-E47236094496", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.3:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "BCBDDDC3-F551-41BA-8E23-C69D5FE77C41", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.4:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "0BFA2ED3-E3D2-42C6-8FB8-4526BFFA8880", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.5:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "822B7769-961F-432A-AE9A-63E968423ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.6:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "E0F87FF4-A7D4-4024-B03D-B9B44BD56FE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.7:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F42F65E7-76D0-41D3-BFFD-6A5799164BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.8:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "B815323F-8B88-4A95-8750-A9713F42A92A", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.9:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "56B34226-45B2-44E3-838C-51FEF35DB86F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.10:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "9D325B50-AAD9-4512-B32C-39B1C4A22AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.11:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "860A5001-3C21-46AF-903D-0C4C4C08DA30", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.12:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "613584C9-5948-4412-97C1-330C2DC36291", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.13:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2172774E-4C8A-4396-B19D-7F36D6486E3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.14:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "4E4E85C3-0E0C-48E7-8C04-C0EC77B66F18", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.15:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3D72EF8E-E5BB-4EF6-8A51-6011BDB5B262", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.16:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3D403B3F-CB79-415B-998B-B9FFDCCF221A", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.17:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "376781DD-1BBB-4F3C-BDDE-5714BBC5CA00", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.18:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "6B29EB85-CDB3-4967-8858-63212A341A28", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.19:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "2168E438-464A-4EDF-8139-C9EA7CDA55E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.20:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "64389A41-12A9-4410-A1FA-587054982C90", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.21:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "29028227-3240-46BC-A695-23EED253278D", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.22:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "F8143558-F427-4C1F-977A-6033C7A90A63", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.23:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "A3B0CF35-F6C5-4575-AFFC-077AC35632D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.24:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "04340C0D-877D-4040-B17F-85CCD3A63572", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.25:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "BB50BB32-A922-45E3-A0C3-2471FE7A6B6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.26:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "C2F73DAE-A07B-47DE-B55C-3047DAF0CE49", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.27:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "FA9B29EC-6BFE-4C61-A1EF-B748BEF5CE8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.28:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "7079F6EE-59C7-4475-AE19-8E3BDFD825B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.29:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "0A1C0321-0111-44FC-9F9C-4CF3748C0CB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.30:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "68C33FF7-711F-4A8D-98EF-00EBBE97FA23", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.31:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "6CA3FB5A-F9EB-4D23-968B-75230B940AC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.32:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "C2B2B665-2B94-4876-A508-3BC9D15507F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.33:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "3B57214D-E716-4902-82BE-B5511978C95E", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.34:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "52B3A395-2934-4279-AFD0-446F07C5F4F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.35:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "384DC229-5EDE-43A5-A6EC-36C69866AB7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.36:beta0:*:*:*:node.js:*:*", "matchCriteriaId": "D47B96E7-8AEF-4C2A-9DDB-7014A333043C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.\n\n\n"}], "id": "CVE-2023-30543", "lastModified": "2024-11-21T08:00:23.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-17T22:15:10.420", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Uniswap/web3-react/pull/749"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/Uniswap/web3-react/pull/749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}