
Commit 9d72818

1 parent 337612e commit 9d72818

1 file changed

Lines changed: 33 additions & 3 deletions


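--- a/advisories/github-reviewed/2025/12/GHSA-4jmp-x7mh-rgmr/GHSA-4jmp-x7mh-rgmr.json
+++ b/advisories/github-reviewed/2025/12/GHSA-4jmp-x7mh-rgmr/GHSA-4jmp-x7mh-rgmr.json
@@ -1,11 +1,11 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4jmp-x7mh-rgmr",
-"modified": "2025-12-18T01:06:46Z",
+"modified": "2026-01-22T16:10:26Z",
 "published": "2025-12-12T20:15:03Z",
 "aliases": [],
 "summary": "Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration",
-"details": "### Summary\n\nThe anti-slashing is not effective if the attacker can access EOTS manager endpoints.\n\n### Impact\n\nIf the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints",
+"details": "### Summary\n\nThe anti-slashing is not effective if the attacker can access EOTS manager endpoints.\n\n### Impact\n\nIf the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints.\n\nReport credits go to: x.com/RebelsRunways",
 "severity": [
 {
 "type": "CVSS_V4",
@@ -26,10 +26,40 @@
 "introduced": "0"
 },
 {
-"last_affected": "1.0.3"
+"fixed": "1.0.4"
 }
 ]
 }
+],
+"database_specific": {
+"last_known_affected_version_range": "<= 1.0.3"
+}
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/babylonlabs-io/finality-provider"
+},
+"versions": [
+"1.1.0-rc.0"
+]
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/babylonlabs-io/finality-provider"
+},
+"versions": [
+"1.1.0-rc.1"
+]
+},
+{
+"package": {
+"ecosystem": "Go",
+"name": "github.com/babylonlabs-io/finality-provider"
+},
+"versions": [
+"1.99.0-devnet.6"
 ]
 }
 ],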
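Review bot: The three new `affected` entries for `github.com/babylonlabs-io/finality-provider` carry `1.1.0-rc.0`, `1.1.0-rc.1` and `1.99.0-devnet.6` only as bare `versions` arrays, while the first entry's range now reads `"introduced": "0"` … `"fixed": "1.0.4"`; a consumer that orders prereleases by semver sees `1.1.0-rc.0` as above that fix and only the explicit-list match keeps it flagged, and nothing in the record says whether the 1.1.0 line has a fixed release. If it does, express that line as an `events` range under one package entry (`{"introduced": "1.1.0-rc.0"}`, `{"fixed": "<fixed-version>"}`) rather than three single-version entries, so range-based matchers such as govulncheck report it and later tags are covered; if it does not, a `database_specific` note stating that would stop readers inferring it from `fixed: 1.0.4`. The `details` text also appends reporter credit as prose (`Report credits go to: x.com/RebelsRunways`), which schema 1.4.0 carries in a top-level `credits` array, e.g. `"credits": [{"name": "RebelsRunways", "contact": ["https://x.com/RebelsRunways"], "type": "FINDER"}]`. The enclosing `affected` array opens before the second hunk.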
