Low severity3.1OSV Advisory· Published Jul 30, 2024· Updated Apr 15, 2026

CVE-2024-41945

Description

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the fund function in fuels-ts/packages/account/src/account.ts gets the needed ressources statelessly with the function getResourcesToSpend without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the txpool / in a block or a previous transaction silently getting removed from the txpool and replaced with a new one.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@fuel-ts/accountnpm	< 0.93.0	0.93.0

Affected products

Fuellabs/Fuels TsOSV
Range: v0.10.0, v0.11.0, v0.12.0, …

Patches

bd1cbd90c2fa

https://github.com/fuellabs/fuels-tsvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-3jcg-vx7f-j6qfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-41945ghsaADVISORY
github.com/FuelLabs/fuels-ts/commit/16ee1bfe66733551d00f0a76c21e8a09ea33006fghsaWEB
github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qfnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.202
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000