npm package
@solana/web3.js
pkg:npm/%40solana/web3.js
Malware
2 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2024-11183: Malicious code in @solana/web3.js (npm), Dec 3, 2024
- GHSA-2mhj-xmf4-pr8m: Duplicate Advisory: Malware in @solana/web3.js, Dec 3, 2024
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-54134 | High | — | | >= 1.95.6, < 1.95.8 | 1.95.8 | Dec 4, 2024 | A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from |
| CVE-2024-30253 | High | 7.5 | | >= 1.91.0, < 1.91.3 | 1.91.3 | Apr 17, 2024 | @solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may |