NodeJS/web3/1.0.0-beta.41

Ethereum JavaScript API

Repo Link: https://www.npmjs.com/package/web3
License: LGPL-3.0-only

1 Security Vulnerabilities

Insecure Credential Storage in web3

Published date: 2019-05-30T17:26:30Z

Links:

All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Site Scripting vulnerability to access the private key.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Affected versions: ["0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.6", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "0.11.0", "0.12.0", "0.12.1", "0.12.2", "0.13.0", "0.14.0", "0.14.1", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.17.0-alpha", "0.17.0-beta", "0.18.0", "0.18.1", "0.18.2", "0.18.4", "0.19.0", "0.19.1", "0.20.0", "0.20.1", "1.0.0-beta1", "1.0.0-beta2", "1.0.0-beta.1", "1.0.0-beta.2", "1.0.0-beta.3", "1.0.0-beta.4", "1.0.0-beta.5", "1.0.0-beta.6", "1.0.0-beta.7", "1.0.0-beta.9", "1.0.0-beta.10", "1.0.0-beta.11", "1.0.0-beta.12", "1.0.0-beta.13", "1.0.0-beta.14", "1.0.0-beta.15", "1.0.0-beta.16", "1.0.0-beta.17", "1.0.0-beta.18", "0.20.2", "1.0.0-beta.19", "1.0.0-beta.20", "1.0.0-beta.21", "1.0.0-beta.22", "1.0.0-beta.23", "1.0.0-beta.24", "1.0.0-beta.25", "1.0.0-beta.26", "0.20.3", "1.0.0-beta.27", "1.0.0-beta.28", "0.20.4", "1.0.0-beta.29", "0.20.5", "1.0.0-beta.30", "1.0.0-beta.31", "0.20.6", "1.0.0-beta.32", "1.0.0-beta.33", "1.0.0-beta.34", "0.20.7", "1.0.0-beta.35", "1.0.0-beta.36", "1.0.0-beta.37", "1.0.0-beta.38", "1.0.0-beta.39", "1.0.0-beta.40", "1.0.0-beta.41", "1.0.0-beta.42", "1.0.0-beta.43", "1.0.0-beta.44", "1.0.0-beta.46", "1.0.0-beta.47", "1.0.0-beta.48", "1.0.0-beta.49", "1.0.0-beta.50", "1.0.0-beta.51", "1.0.0-beta.52", "1.0.0-beta.53", "1.0.0-beta.54", "1.0.0-beta.55", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5-rc.0", "1.2.5", "1.2.6", "1.2.7-rc.0", "1.2.7", "1.2.8-rc.0", "1.2.8-rc.1", "1.2.8", "1.2.9-rc.0", "1.2.9", "1.2.10-rc.0", "1.2.10", "1.2.11", "1.3.0-rc.0", "1.3.0", "1.3.1", "1.3.2-rc.2", "1.3.2", "1.3.3", "1.3.4-rc.1", "1.3.4-rc.2", "1.3.4", "1.3.5-rc.0", "1.3.5", "1.3.6-rc.1", "1.3.6-rc.2", "1.3.6", "1.4.0-rc.0", "1.4.0", "1.5.0-rc.0", "1.5.0-rc.1", "1.5.0", "1.5.1-rc.0", "1.5.1-rc.1", "1.5.1", "1.5.2-rc.0", "1.5.2"]

Secure versions: [2.0.0-alpha, 2.0.0-alpha.1, 3.0.0-rc.0, 3.0.0-rc.1, 3.0.0-rc.4, 3.0.0-rc.5, 1.5.3-rc.0, 1.5.3, 1.6.0-rc.0, 1.6.0, 1.6.1-rc.0, 1.6.1-rc.2, 1.6.1-rc.3, 1.6.1, 1.7.0-rc.0, 1.7.0, 1.7.1-rc.0, 1.7.1, 1.7.2-rc.0, 1.7.2, 1.7.3-rc.0, 1.7.3, 1.7.4-rc.0, 1.7.4-rc.1, 1.7.4-rc.2, 1.7.4, 1.7.5-rc.0, 1.7.5-rc.1, 1.7.5, 4.0.0-alpha.0, 4.0.1-alpha.0, 1.8.0-rc.0, 1.8.0, 1.8.1-rc.0, 4.0.1-alpha.1, 1.8.1, 4.0.1-alpha.2, 4.0.1-alpha.3, 1.8.2-rc.0, 4.0.1-alpha.4, 4.0.1-alpha.5, 1.8.2, 1.9.0-rc.0, 4.0.1-rc.0, 1.9.0, 4.0.1-rc.1, 1.10.0-rc.0, 1.10.0, 4.0.1-rc.2, 4.0.1, 4.0.2-dev.af57eae.0, 4.0.2-dev.f8a2533.0, 4.0.2-dev.ab0f4cb.0, 4.0.2-dev.a2a232f.0, 4.0.2-dev.e8d579c.0, 4.0.2, 4.0.3-dev.a26a888.0, 4.0.3-dev.d12dc7e.0, 4.0.3, 4.0.4-dev.ebd0c57.0, 4.0.4-dev.e143157.0, 4.0.4-dev.ad377d1.0, 4.0.4-dev.b93934a.0, 4.0.4-dev.f5b4d7d.0, 4.0.4-dev.ed2770c.0, 4.0.4-dev.b771112.0, 1.10.1-rc.0, 4.1.0-rc.0, 1.10.1, 4.1.0, 4.1.1-dev.c41d356.0, 4.1.1-dev.f4fd498.0, 4.1.1-dev.a4cae6f.0, 4.1.1-dev.d41a49e.0, 4.1.1-dev.ec6e117.0, 4.1.1, 4.1.2-dev.a325689.0, 1.10.2, 4.1.2-dev.da3e2f5.0, 4.1.2-dev.e4ba45c.0, 4.1.2, 4.1.3-dev.d036166.0, 4.1.3-dev.b8fa712.0, 4.1.3-dev.c490c18.0, 4.1.3-dev.bfcbea8.0, 4.1.3-dev.ae98628.0, 4.1.3-dev.b38f00d.0, 4.1.3-dev.e760667.0, 1.10.3, 4.2.0, 4.2.1-dev.bd3b9a0.0, 4.2.1-dev.a0d6730.0, 4.2.1-dev.f860b04.0, 4.2.1, 4.2.2-dev.f6c7fca.0, 4.2.2-dev.b05345b.0, 4.2.2-dev.f9bcac9.0, 4.2.2, 4.2.3-dev.bcd0706.0, 4.2.3-dev.b9da5a5.0, 4.2.3-dev.ef6f04e.0, 4.2.3-dev.be86e25.0, 4.2.3-dev.d8b8e18.0, 4.2.3-dev.af91519.0, 4.2.3-dev.f8d8774.0, 4.2.3-dev.e6d8c14.0, 4.2.3-dev.b3ccd5c.0, 4.3.0, 4.3.1-dev.cdd99e7.0, 4.3.1-dev.b819ee4.0, 4.3.1-dev.f1c6916.0, 4.3.1-dev.b35eca1.0, 4.3.1-dev.c858390.0, 4.3.1-dev.a4f2f8c.0, 4.3.1-dev.e1080d9.0, 4.3.1-dev.e442fd2.0, 4.3.1-dev.f7d9349.0, 4.3.1-dev.fa4c72b.0, 4.3.1-dev.c097b9a.0, 4.3.1-dev.f9468a8.0, 4.3.1-dev.df594c9.0, 4.3.1-dev.b188714.0, 4.3.1-dev.cc7ff1f.0, 4.3.1-dev.a3fe342.0, 4.4.0, 4.4.1-dev.b49094b.0, 4.4.1-dev.aac2420.0, 4.4.1-dev.a72e99a.0, 1.10.4, 4.4.1-dev.e5673ca.0, 4.4.1-dev.a6b685e.0, 4.4.1-dev.ed1460c.0, 4.4.1-dev.d8b64a8.0, 4.5.0, 4.5.1-dev.a0d4d2e.0, 4.5.1-dev.e774646.0, 4.5.1-dev.f696e47.0, 4.5.1-dev.ec65468.0, 4.5.1-dev.c5cecaf.0, 4.5.1-dev.a2d9cb4.0, 4.5.1-dev.afece40.0, 4.5.1-dev.cf4b93f.0, 4.5.1-dev.b4c92e1.0, 4.5.1-dev.b25b883.0, 4.5.1-dev.ab1b250.0, 4.5.1-dev.bd6cc71.0, 4.5.1-dev.ca31f6a.0, 4.5.1-dev.edf3164.0, 4.5.1-dev.cf60f71.0, 4.6.0, 4.6.1-dev.e383ae3.0, 4.6.1-dev.d254316.0, 4.6.1-dev.a1f9dc4.0, 4.6.1-dev.f943944.0, 4.6.1-dev.a83e9d5.0, 4.6.1-dev.c4e039a.0, 4.7.0, 4.7.1-dev.a173a8f.0, 4.7.1-dev.ce59737.0, 4.7.1-dev.bfb4f6f.0, 4.8.0, 4.8.1-dev.e29deea.0, 4.8.1-dev.dd172c7.0, 4.8.1-dev.d4e937d.0, 4.8.1-dev.ed2781f.0, 4.8.1-dev.de3e8f8.0, 4.8.1-dev.ebbbf1e.0, 4.8.1-dev.b413ebd.0, 4.8.1-dev.c62ef79.0, 4.8.1-dev.f216540.0, 4.8.1-dev.f44dc5b.0, 4.8.1-dev.ac2e180.0, 4.8.1-dev.e0fc158.0, 4.8.1-dev.f4e55bd.0, 4.9.1-dev.fd2982d.0, 4.9.0, 4.9.1-dev.f687df6.0, 4.9.1-dev.b63af9f.0, 4.10.0, 4.11.0, 4.11.1-dev.cbcfc18.0, 4.11.1-dev.e5efe49.0, 4.11.1, 4.11.2-dev.cbbbd84.0, 4.11.2-dev.dee14ec.0, 4.11.2-dev.f87ffbe.0, 4.11.2-dev.d9d0391.0, 4.12.0, 4.12.1-dev.e746566.0, 4.12.1, 4.12.2-dev.f351e00.0, 4.12.2-dev.b86d8ca.0, 4.12.2-dev.b3cb1b7.0, 4.12.2-dev.a21078b.0, 4.13.0, 4.13.1-dev.d6baee6.0, 4.13.1-dev.d45b712.0, 4.13.1-dev.aa471e7.0, 4.13.1-dev.c602fc6.0, 4.13.1-dev.cc99825.0, 4.13.1-dev.dcd9d6a.0, 4.13.1-dev.adf483f.0, 4.13.1-dev.facc2e6.0, 4.13.1-dev.f701406.0, 4.13.1-dev.bbde6ea.0, 4.14.0, 4.14.1-dev.fab66e9.0, 4.14.1-dev.ed85cce.0, 4.14.1-dev.d3baae6.0, 4.14.1-dev.efac906.0, 4.14.1-dev.d446838.0, 4.15.0, 4.15.1-dev.bde1316.0, 4.15.1-dev.e79ace2.0, 4.15.1-dev.acdb0c7.0, 4.15.1-dev.b3ee417.0, 4.16.0, 4.16.1-dev.f41ca32.0, 4.16.1-dev.fa5ce5b.0, 4.16.1-dev.ae99434.0, 4.16.1-dev.bc4a34b.0, 4.16.1-dev.bf16917.0]

Recommendation: Update to version 4.16.0.

371 Other Versions

Version	License	Released
4.16.1-dev.bc4a34b.0	LGPL-3.0-only	2025-01-16 - 12:25	4 months
4.16.1-dev.f41ca32.0	LGPL-3.0-only	2024-12-10 - 16:17	5 months
4.16.1-dev.bf16917.0	LGPL-3.0-only	2025-01-17 - 13:28	4 months
4.16.1-dev.ae99434.0	LGPL-3.0-only	2024-12-11 - 21:28	5 months
4.16.1-dev.fa5ce5b.0	LGPL-3.0-only	2024-12-10 - 16:17	5 months
4.16.0	LGPL-3.0-only	2024-12-03 - 16:46	5 months
4.15.1-dev.acdb0c7.0	LGPL-3.0-only	2024-12-03 - 13:21	5 months
4.15.1-dev.b3ee417.0	LGPL-3.0-only	2024-12-03 - 13:21	5 months
4.15.1-dev.e79ace2.0	LGPL-3.0-only	2024-11-19 - 10:14	6 months
4.15.1-dev.bde1316.0	LGPL-3.0-only	2024-11-14 - 10:18	6 months
4.15.0	LGPL-3.0-only	2024-11-06 - 22:56	6 months
4.14.1-dev.ed85cce.0	LGPL-3.0-only	2024-10-21 - 16:16	7 months
4.14.1-dev.d3baae6.0	LGPL-3.0-only	2024-10-24 - 13:48	7 months
4.14.1-dev.efac906.0	LGPL-3.0-only	2024-10-28 - 14:21	7 months
4.14.1-dev.fab66e9.0	LGPL-3.0-only	2024-10-21 - 15:04	7 months
4.14.1-dev.d446838.0	LGPL-3.0-only	2024-11-04 - 20:00	6 months
4.14.0	LGPL-3.0-only	2024-10-21 - 14:26	7 months
4.13.1-dev.d6baee6.0	LGPL-3.0-only	2024-09-23 - 18:49	8 months
4.13.1-dev.d45b712.0	LGPL-3.0-only	2024-09-24 - 12:43	8 months
4.13.1-dev.dcd9d6a.0	LGPL-3.0-only	2024-10-02 - 14:25	7 months
4.13.1-dev.bbde6ea.0	LGPL-3.0-only	2024-10-11 - 19:44	7 months
4.13.1-dev.f701406.0	LGPL-3.0-only	2024-10-09 - 13:27	7 months
4.13.1-dev.cc99825.0	LGPL-3.0-only	2024-09-26 - 08:37	8 months
4.13.1-dev.adf483f.0	LGPL-3.0-only	2024-10-04 - 18:29	7 months
4.13.1-dev.aa471e7.0	LGPL-3.0-only	2024-09-24 - 14:10	8 months
4.13.1-dev.c602fc6.0	LGPL-3.0-only	2024-09-24 - 21:00	8 months
4.13.1-dev.facc2e6.0	LGPL-3.0-only	2024-10-08 - 14:03	7 months
4.13.0	LGPL-3.0-only	2024-09-18 - 17:11	8 months
4.12.2-dev.b3cb1b7.0	LGPL-3.0-only	2024-09-13 - 11:36	8 months
4.12.2-dev.f351e00.0	LGPL-3.0-only	2024-08-23 - 08:33	9 months
4.12.2-dev.a21078b.0	LGPL-3.0-only	2024-09-17 - 16:53	8 months
4.12.2-dev.b86d8ca.0	LGPL-3.0-only	2024-09-09 - 15:20	8 months
4.12.1	LGPL-3.0-only	2024-08-23 - 08:29	9 months
4.12.1-dev.e746566.0	LGPL-3.0-only	2024-08-22 - 16:08	9 months
4.12.0	LGPL-3.0-only	2024-08-22 - 15:57	9 months
4.11.2-dev.cbbbd84.0	LGPL-3.0-only	2024-07-24 - 15:24	10 months
4.11.2-dev.d9d0391.0	LGPL-3.0-only	2024-08-20 - 08:16	9 months
4.11.2-dev.dee14ec.0	LGPL-3.0-only	2024-07-30 - 16:29	10 months
4.11.2-dev.f87ffbe.0	LGPL-3.0-only	2024-08-01 - 17:54	10 months
4.11.1	LGPL-3.0-only	2024-07-24 - 15:16	10 months
4.11.1-dev.cbcfc18.0	LGPL-3.0-only	2024-07-22 - 08:39	10 months
4.11.1-dev.e5efe49.0	LGPL-3.0-only	2024-07-22 - 15:20	10 months
4.11.0	LGPL-3.0-only	2024-07-11 - 14:26	10 months
4.10.0	LGPL-3.0-only	2024-06-17 - 13:27	11 months
4.9.1-dev.fd2982d.0	LGPL-3.0-only	2024-05-23 - 15:00	12 months
4.9.1-dev.f687df6.0	LGPL-3.0-only	2024-05-29 - 20:10	12 months
4.9.1-dev.b63af9f.0	LGPL-3.0-only	2024-05-30 - 13:18	12 months
4.9.0	LGPL-3.0-only	2024-05-23 - 15:02	12 months
4.8.1-dev.ac2e180.0	LGPL-3.0-only	2024-05-22 - 15:37	12 months
4.8.1-dev.dd172c7.0	LGPL-3.0-only	2024-04-18 - 19:35	about 1 year