Home > Vulnerability Database > CVE-2024-41945

Mend.io Vulnerability Database

CVE-2024-41945

Good to know:

Date: July 30, 2024

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the "fund" function in "fuels-ts/packages/account/src/account.ts" gets the needed ressources statelessly with the function "getResourcesToSpend" without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the "txpool" / in a block or a previous transaction silently getting removed from the "txpool" and replaced with a new one.

Language: TYPE_SCRIPT

Severity Score

3.1

Related Resources (5)

Url: https://github.com/FuelLabs/fuels-ts

Url: https://github.com/FuelLabs/fuels-ts/commit/16ee1bfe66733551d00f0a76c21e8a09ea33006f

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41945

Url: https://github.com/FuelLabs/fuels-ts/security/advisories/GHSA-3jcg-vx7f-j6qf

Url: https://www.mend.io/vulnerability-database/CVE-2024-41945

Severity Score

3.1

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version @fuel-ts/account - 0.93.0

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41945

Good to know:

Date: July 30, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?