GSA_kwCzR0hTQS1wNzVnLWdjdjUtNDJxZ84AAlex

High EPSS: 0.00119% (0.3152 Percentile) EPSS:

Permalink JSON

Grin insufficient data validation

Affected Packages	Affected Versions	Fixed Versions
cargo:grin PURL: `pkg:cargo/grin`	>= 3.0.0, < 4.0.0	4.0.0
0 Dependent packages 0 Dependent repositories 41,275 Downloads total Affected Version Ranges All affected versions 3.0.0, 3.1.0, 3.1.1 All unaffected versions 0.4.0, 0.4.2, 0.5.0, 0.5.1, 1.0.0, 1.0.3, 1.1.0, 2.0.0, 2.1.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 5.0.0, 5.0.1, 5.0.4, 5.1.0, 5.1.2, 5.2.0, 5.3.0, 5.3.1, 5.3.3

Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-15899
https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-15899.md
https://github.com/mimblewimble/grin/compare/v3.1.1...v4.0.0
https://github.com/advisories/GHSA-p75g-gcv5-42qg

Identifiers

GHSA-p75g-gcv5-42qg

CVE-2020-15899

Risk

Severity

High

EPSS

EPSS Percentage: 0.00119

EPSS Percentile: 0.3152

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/mimblewimble/grin-security

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories