NodeJS/web3/0.20.2
Ethereum JavaScript API
https://www.npmjs.com/package/web3
LGPL-3.0-only
1 Security Vulnerabilities
Insecure Credential Storage in web3
Published date: 2019-05-30T17:26:30Z
Links:
All versions of web3 are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Site Scripting vulnerability to access the private key.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Affected versions:
["0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.6", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "0.11.0", "0.12.0", "0.12.1", "0.12.2", "0.13.0", "0.14.0", "0.14.1", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.17.0-alpha", "0.17.0-beta", "0.18.0", "0.18.1", "0.18.2", "0.18.4", "0.19.0", "0.19.1", "0.20.0", "0.20.1", "0.20.2", "0.20.3", "0.20.4", "0.20.5", "0.20.6", "0.20.7"]
Secure versions:
[1.0.0-beta1, 1.0.0-beta2, 1.0.0-beta.1, 1.0.0-beta.2, 1.0.0-beta.3, 1.0.0-beta.4, 1.0.0-beta.5, 1.0.0-beta.6, 1.0.0-beta.7, 1.0.0-beta.9, 1.0.0-beta.10, 1.0.0-beta.11, 1.0.0-beta.12, 1.0.0-beta.13, 1.0.0-beta.14, 1.0.0-beta.15, 1.0.0-beta.16, 1.0.0-beta.17, 1.0.0-beta.18, 1.0.0-beta.19, 1.0.0-beta.20, 1.0.0-beta.21, 1.0.0-beta.22, 1.0.0-beta.23, 1.0.0-beta.24, 1.0.0-beta.25, 1.0.0-beta.26, 1.0.0-beta.27, 1.0.0-beta.28, 1.0.0-beta.29, 1.0.0-beta.30, 1.0.0-beta.31, 1.0.0-beta.32, 1.0.0-beta.33, 1.0.0-beta.34, 1.0.0-beta.35, 1.0.0-beta.36, 1.0.0-beta.37, 1.0.0-beta.38, 1.0.0-beta.39, 1.0.0-beta.40, 1.0.0-beta.41, 1.0.0-beta.42, 1.0.0-beta.43, 1.0.0-beta.44, 1.0.0-beta.46, 1.0.0-beta.47, 1.0.0-beta.48, 1.0.0-beta.49, 1.0.0-beta.50, 1.0.0-beta.51, 1.0.0-beta.52, 1.0.0-beta.53, 1.0.0-beta.54, 1.0.0-beta.55, 2.0.0-alpha, 1.2.0, 1.2.1, 2.0.0-alpha.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5-rc.0, 1.2.5, 1.2.6, 1.2.7-rc.0, 1.2.7, 1.2.8-rc.0, 1.2.8-rc.1, 1.2.8, 1.2.9-rc.0, 1.2.9, 1.2.10-rc.0, 1.2.10, 1.2.11, 1.3.0-rc.0, 1.3.0, 1.3.1, 1.3.2-rc.2, 1.3.2, 1.3.3, 1.3.4-rc.1, 1.3.4-rc.2, 1.3.4, 1.3.5-rc.0, 1.3.5, 3.0.0-rc.0]
Recommendation:
Update to version 1.3.5.
139 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.0.0-rc.0 | LGPL-3.0-only | 2021-04-09 - 05:06 | 3 days | |
| 2.0.0-alpha.1 | LGPL-3.0-only | 2019-08-06 - 10:10 | over 1 year | |
| 2.0.0-alpha | LGPL-3.0-only | 2019-07-13 - 09:59 | over 1 year | |
| 1.3.5 | LGPL-3.0-only | 2021-04-05 - 19:59 | 6 days | |
| 1.3.5-rc.0 | LGPL-3.0-only | 2021-03-24 - 02:17 | 19 days | |
| 1.3.4 | LGPL-3.0-only | 2021-02-03 - 16:00 | 2 months | |
| 1.3.4-rc.2 | LGPL-3.0-only | 2021-01-28 - 22:59 | 2 months | |
| 1.3.4-rc.1 | LGPL-3.0-only | 2021-01-26 - 04:58 | 3 months | |
| 1.3.3 | LGPL-3.0-only | 2021-01-22 - 22:10 | 3 months | |
| 1.3.2 | LGPL-3.0-only | 2021-01-21 - 23:08 | 3 months | |
| 1.3.2-rc.2 | LGPL-3.0-only | 2021-01-21 - 19:31 | 3 months | |
| 1.3.1 | LGPL-3.0-only | 2020-12-17 - 22:31 | 4 months | |
| 1.3.0 | LGPL-3.0-only | 2020-09-15 - 19:14 | 7 months | |
| 1.3.0-rc.0 | LGPL-3.0-only | 2020-09-02 - 20:47 | 7 months | |
| 1.2.11 | LGPL-3.0-only | 2020-07-18 - 22:26 | 9 months | |
| 1.2.10 | LGPL-3.0-only | 2020-07-17 - 17:22 | 9 months | |
| 1.2.10-rc.0 | LGPL-3.0-only | 2020-07-09 - 16:06 | 9 months | |
| 1.2.9 | LGPL-3.0-only | 2020-06-09 - 19:12 | 10 months | |
| 1.2.9-rc.0 | LGPL-3.0-only | 2020-06-02 - 22:56 | 10 months | |
| 1.2.8 | LGPL-3.0-only | 2020-05-20 - 21:38 | 11 months | |
| 1.2.8-rc.1 | LGPL-3.0-only | 2020-05-18 - 19:48 | 11 months | |
| 1.2.8-rc.0 | LGPL-3.0-only | 2020-05-08 - 18:59 | 11 months | |
| 1.2.7 | LGPL-3.0-only | 2020-04-24 - 19:31 | 12 months | |
| 1.2.7-rc.0 | LGPL-3.0-only | 2020-04-15 - 02:06 | 12 months | |
| 1.2.6 | LGPL-3.0-only | 2020-02-02 - 12:35 | about 1 year | |
| 1.2.5 | LGPL-3.0-only | 2020-01-27 - 08:35 | about 1 year | |
| 1.2.5-rc.0 | LGPL-3.0-only | 2020-01-16 - 12:27 | about 1 year | |
| 1.2.4 | LGPL-3.0-only | 2019-11-15 - 10:00 | over 1 year | |
| 1.2.3 | LGPL-3.0-only | 2019-11-14 - 15:32 | over 1 year | |
| 1.2.2 | LGPL-3.0-only | 2019-10-23 - 09:46 | over 1 year | |
| 1.2.1 | LGPL-3.0-only | 2019-08-06 - 09:52 | over 1 year | |
| 1.2.0 | LGPL-3.0-only | 2019-07-23 - 09:35 | over 1 year | |
| 1.0.0-beta.55 | LGPL-3.0-only | 2019-05-09 - 12:16 | almost 2 years | |
| 1.0.0-beta.54 | LGPL-3.0-only | 2019-05-02 - 21:35 | almost 2 years | |
| 1.0.0-beta.53 | LGPL-3.0-only | 2019-04-30 - 10:13 | almost 2 years | |
| 1.0.0-beta.52 | LGPL-3.0-only | 2019-04-04 - 17:08 | about 2 years | |
| 1.0.0-beta.51 | LGPL-3.0-only | 2019-03-28 - 14:11 | about 2 years | |
| 1.0.0-beta.50 | LGPL-3.0-only | 2019-03-20 - 11:02 | about 2 years | |
| 1.0.0-beta.49 | LGPL-3.0-only | 2019-03-19 - 14:42 | about 2 years | |
| 1.0.0-beta.48 | LGPL-3.0-only | 2019-03-05 - 18:39 | about 2 years | |
| 1.0.0-beta.47 | LGPL-3.0-only | 2019-03-01 - 20:05 | about 2 years | |
| 1.0.0-beta.46 | LGPL-3.0-only | 2019-02-09 - 12:12 | about 2 years | |
| 1.0.0-beta.44 | LGPL-3.0-only | 2019-02-08 - 16:53 | about 2 years | |
| 1.0.0-beta.43 | LGPL-3.0-only | 2019-02-06 - 19:19 | about 2 years | |
| 1.0.0-beta.42 | LGPL-3.0-only | 2019-02-06 - 16:05 | about 2 years | |
| 1.0.0-beta.41 | LGPL-3.0-only | 2019-01-28 - 21:13 | about 2 years | |
| 1.0.0-beta.40 | LGPL-3.0-only | 2019-01-28 - 17:58 | about 2 years | |
| 1.0.0-beta.39 | LGPL-3.0-only | 2019-01-27 - 17:39 | about 2 years | |
| 1.0.0-beta.38 | LGPL-3.0-only | 2019-01-25 - 19:14 | about 2 years | |
| 1.0.0-beta.37 | LGPL-3.0-only | 2018-12-08 - 16:36 | over 2 years | |
| 1.0.0-beta.36 | LGPL-3.0-only | 2018-09-04 - 11:50 | over 2 years | |
| 1.0.0-beta.35 | LGPL-3.0-only | 2018-07-25 - 13:27 | over 2 years | |
| 1.0.0-beta.34 | LGPL-3.0-only | 2018-04-13 - 14:57 | almost 3 years | |
| 1.0.0-beta.33 | LGPL-3.0-only | 2018-03-19 - 20:22 | about 3 years | |
| 1.0.0-beta.32 | LGPL-3.0-only | 2018-03-19 - 20:03 | about 3 years | |
| 1.0.0-beta.31 | LGPL-3.0-only | 2018-03-13 - 14:06 | about 3 years | |
| 1.0.0-beta.30 | LGPL-3.0-only | 2018-02-13 - 11:33 | about 3 years | |
| 1.0.0-beta.29 | LGPL-3.0-only | 2018-01-26 - 09:39 | about 3 years | |
| 1.0.0-beta.28 | LGPL-3.0-only | 2018-01-17 - 17:07 | about 3 years | |
| 1.0.0-beta.27 | LGPL-3.0-only | 2017-12-21 - 11:09 | over 3 years | |
| 1.0.0-beta.26 | LGPL-3.0-only | 2017-11-14 - 11:23 | over 3 years | |
| 1.0.0-beta.25 | LGPL-3.0-only | 2017-11-14 - 11:17 | over 3 years | |
| 1.0.0-beta.24 | LGPL-3.0-only | 2017-10-19 - 13:39 | over 3 years | |
| 1.0.0-beta.23 | LGPL-3.0-only | 2017-10-10 - 11:24 | over 3 years | |
| 1.0.0-beta.22 | LGPL-3.0-only | 2017-09-25 - 15:06 | over 3 years | |
| 1.0.0-beta.21 | LGPL-3.0-only | 2017-09-20 - 13:54 | over 3 years | |
| 1.0.0-beta.20 | LGPL-3.0-only | 2017-09-15 - 12:01 | over 3 years | |
| 1.0.0-beta.19 | LGPL-3.0-only | 2017-09-15 - 11:55 | over 3 years | |
| 1.0.0-beta.18 | LGPL-3.0-only | 2017-08-09 - 14:19 | over 3 years | |
| 1.0.0-beta.17 | LGPL-3.0-only | 2017-08-08 - 10:26 | over 3 years | |
| 1.0.0-beta.16 | LGPL-3.0-only | 2017-08-07 - 16:10 | over 3 years | |
| 1.0.0-beta.15 | LGPL-3.0-only | 2017-08-03 - 11:45 | over 3 years | |
| 1.0.0-beta.14 | LGPL-3.0-only | 2017-08-02 - 13:27 | over 3 years | |
| 1.0.0-beta.13 | LGPL-3.0-only | 2017-07-27 - 13:51 | over 3 years | |
| 1.0.0-beta.12 | LGPL-3.0-only | 2017-07-26 - 17:25 | over 3 years | |
| 1.0.0-beta.11 | LGPL-3.0-only | 2017-07-24 - 17:48 | over 3 years | |
| 1.0.0-beta.10 | LGPL-3.0-only | 2017-07-24 - 17:09 | over 3 years | |
| 1.0.0-beta.9 | LGPL-3.0-only | 2017-07-24 - 16:52 | over 3 years | |
| 1.0.0-beta.7 | LGPL-3.0-only | 2017-07-22 - 14:42 | over 3 years | |
| 1.0.0-beta.6 | LGPL-3.0-only | 2017-07-22 - 14:11 | over 3 years | |
| 1.0.0-beta.5 | LGPL-3.0-only | 2017-07-21 - 09:35 | over 3 years | |
| 1.0.0-beta.4 | LGPL-3.0-only | 2017-07-20 - 12:43 | over 3 years | |
| 1.0.0-beta.3 | LGPL-3.0-only | 2017-07-20 - 12:27 | over 3 years | |
| 1.0.0-beta.2 | LGPL-3.0-only | 2017-07-20 - 12:21 | over 3 years | |
| 1.0.0-beta2 | LGPL-3.0-only | 2017-07-20 - 10:32 | over 3 years | |
| 1.0.0-beta1 | LGPL-3.0-only | 2017-07-20 - 09:38 | over 3 years | |
| 1.0.0-beta.1 | LGPL-3.0-only | 2017-07-20 - 10:34 | over 3 years | |
| 0.20.7 | LGPL-3.0-only | 1 | 2018-07-25 - 13:17 | over 2 years |
| 0.20.6 | LGPL-3.0-only | 1 | 2018-03-13 - 14:15 | about 3 years |
| 0.20.5 | LGPL-3.0-only | 1 | 2018-02-13 - 11:22 | about 3 years |
| 0.20.4 | LGPL-3.0-only | 1 | 2018-01-17 - 17:10 | about 3 years |
| 0.20.3 | LGPL-3.0-only | 1 | 2017-12-21 - 09:51 | over 3 years |
| 0.20.2 | LGPL-3.0-only | 1 | 2017-09-15 - 11:49 | over 3 years |
| 0.20.1 | LGPL-3.0-only | 1 | 2017-07-17 - 11:34 | over 3 years |
| 0.20.0 | LGPL-3.0-only | 1 | 2017-07-17 - 10:01 | over 3 years |
| 0.19.1 | LGPL-3.0-only | 1 | 2017-06-24 - 05:51 | almost 4 years |
| 0.19.0 | LGPL-3.0-only | 1 | 2017-05-09 - 10:06 | almost 4 years |
| 0.18.4 | LGPL-3.0-only | 1 | 2017-03-29 - 09:49 | about 4 years |
| 0.18.2 | LGPL-3.0-only | 1 | 2017-01-13 - 12:37 | about 4 years |
| 0.18.1 | LGPL-3.0-only | 1 | 2017-01-12 - 14:38 | about 4 years |