NodeJS/web3/0.12.0
Ethereum JavaScript API
https://www.npmjs.com/package/web3
LGPL-3.0-only
1 Security Vulnerabilities
Insecure Credential Storage in web3
Published date: 2019-05-30T17:26:30Z
Links:
All versions of web3
are vulnerable to Insecure Credential Storage. The package stores encrypted wallets in local storage and requires a password to load the wallet. Once the wallet is loaded, the private key is accessible via LocalStorage. Exploiting this vulnerability likely requires a Cross-Site Scripting vulnerability to access the private key.
Recommendation
No fix is currently available. Consider using an alternative module until a fix is made available.
Affected versions:
["0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.6", "0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.5.0", "0.6.0", "0.7.0", "0.7.1", "0.8.0", "0.8.1", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "0.11.0", "0.12.0", "0.12.1", "0.12.2", "0.13.0", "0.14.0", "0.14.1", "0.15.0", "0.15.1", "0.15.2", "0.15.3", "0.16.0", "0.17.0-alpha", "0.17.0-beta", "0.18.0", "0.18.1", "0.18.2", "0.18.4", "0.19.0", "0.19.1", "0.20.0", "0.20.1", "1.0.0-beta1", "1.0.0-beta2", "1.0.0-beta.1", "1.0.0-beta.2", "1.0.0-beta.3", "1.0.0-beta.4", "1.0.0-beta.5", "1.0.0-beta.6", "1.0.0-beta.7", "1.0.0-beta.9", "1.0.0-beta.10", "1.0.0-beta.11", "1.0.0-beta.12", "1.0.0-beta.13", "1.0.0-beta.14", "1.0.0-beta.15", "1.0.0-beta.16", "1.0.0-beta.17", "1.0.0-beta.18", "0.20.2", "1.0.0-beta.19", "1.0.0-beta.20", "1.0.0-beta.21", "1.0.0-beta.22", "1.0.0-beta.23", "1.0.0-beta.24", "1.0.0-beta.25", "1.0.0-beta.26", "0.20.3", "1.0.0-beta.27", "1.0.0-beta.28", "0.20.4", "1.0.0-beta.29", "0.20.5", "1.0.0-beta.30", "1.0.0-beta.31", "0.20.6", "1.0.0-beta.32", "1.0.0-beta.33", "1.0.0-beta.34", "0.20.7", "1.0.0-beta.35", "1.0.0-beta.36", "1.0.0-beta.37", "1.0.0-beta.38", "1.0.0-beta.39", "1.0.0-beta.40", "1.0.0-beta.41", "1.0.0-beta.42", "1.0.0-beta.43", "1.0.0-beta.44", "1.0.0-beta.46", "1.0.0-beta.47", "1.0.0-beta.48", "1.0.0-beta.49", "1.0.0-beta.50", "1.0.0-beta.51", "1.0.0-beta.52", "1.0.0-beta.53", "1.0.0-beta.54", "1.0.0-beta.55", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5-rc.0", "1.2.5", "1.2.6", "1.2.7-rc.0", "1.2.7", "1.2.8-rc.0", "1.2.8-rc.1", "1.2.8", "1.2.9-rc.0", "1.2.9", "1.2.10-rc.0", "1.2.10", "1.2.11", "1.3.0-rc.0", "1.3.0", "1.3.1", "1.3.2-rc.2", "1.3.2", "1.3.3", "1.3.4-rc.1", "1.3.4-rc.2", "1.3.4", "1.3.5-rc.0", "1.3.5", "1.3.6-rc.1", "1.3.6-rc.2", "1.3.6", "1.4.0-rc.0", "1.4.0", "1.5.0-rc.0", "1.5.0-rc.1", "1.5.0", "1.5.1-rc.0", "1.5.1-rc.1", "1.5.1", "1.5.2-rc.0", "1.5.2"]
Secure versions:
[2.0.0-alpha, 2.0.0-alpha.1, 3.0.0-rc.0, 3.0.0-rc.1, 3.0.0-rc.4, 3.0.0-rc.5, 1.5.3-rc.0, 1.5.3, 1.6.0-rc.0, 1.6.0, 1.6.1-rc.0, 1.6.1-rc.2, 1.6.1-rc.3, 1.6.1, 1.7.0-rc.0, 1.7.0, 1.7.1-rc.0, 1.7.1, 1.7.2-rc.0, 1.7.2, 1.7.3-rc.0, 1.7.3, 1.7.4-rc.0, 1.7.4-rc.1, 1.7.4-rc.2, 1.7.4, 1.7.5-rc.0, 1.7.5-rc.1, 1.7.5, 4.0.0-alpha.0, 4.0.1-alpha.0, 1.8.0-rc.0, 1.8.0, 1.8.1-rc.0, 4.0.1-alpha.1, 1.8.1, 4.0.1-alpha.2, 4.0.1-alpha.3, 1.8.2-rc.0, 4.0.1-alpha.4, 4.0.1-alpha.5, 1.8.2, 1.9.0-rc.0, 4.0.1-rc.0, 1.9.0, 4.0.1-rc.1, 1.10.0-rc.0, 1.10.0, 4.0.1-rc.2, 4.0.1, 4.0.2-dev.af57eae.0, 4.0.2-dev.f8a2533.0, 4.0.2-dev.ab0f4cb.0, 4.0.2-dev.a2a232f.0, 4.0.2-dev.e8d579c.0, 4.0.2, 4.0.3-dev.a26a888.0, 4.0.3-dev.d12dc7e.0, 4.0.3, 4.0.4-dev.ebd0c57.0, 4.0.4-dev.e143157.0, 4.0.4-dev.ad377d1.0, 4.0.4-dev.b93934a.0, 4.0.4-dev.f5b4d7d.0, 4.0.4-dev.ed2770c.0, 4.0.4-dev.b771112.0, 1.10.1-rc.0, 4.1.0-rc.0, 1.10.1, 4.1.0, 4.1.1-dev.c41d356.0, 4.1.1-dev.f4fd498.0, 4.1.1-dev.a4cae6f.0, 4.1.1-dev.d41a49e.0, 4.1.1-dev.ec6e117.0, 4.1.1, 4.1.2-dev.a325689.0, 1.10.2, 4.1.2-dev.da3e2f5.0, 4.1.2-dev.e4ba45c.0, 4.1.2, 4.1.3-dev.d036166.0, 4.1.3-dev.b8fa712.0, 4.1.3-dev.c490c18.0, 4.1.3-dev.bfcbea8.0, 4.1.3-dev.ae98628.0, 4.1.3-dev.b38f00d.0, 4.1.3-dev.e760667.0, 1.10.3, 4.2.0, 4.2.1-dev.bd3b9a0.0, 4.2.1-dev.a0d6730.0, 4.2.1-dev.f860b04.0, 4.2.1, 4.2.2-dev.f6c7fca.0, 4.2.2-dev.b05345b.0, 4.2.2-dev.f9bcac9.0, 4.2.2, 4.2.3-dev.bcd0706.0, 4.2.3-dev.b9da5a5.0, 4.2.3-dev.ef6f04e.0, 4.2.3-dev.be86e25.0, 4.2.3-dev.d8b8e18.0, 4.2.3-dev.af91519.0, 4.2.3-dev.f8d8774.0, 4.2.3-dev.e6d8c14.0, 4.2.3-dev.b3ccd5c.0, 4.3.0, 4.3.1-dev.cdd99e7.0, 4.3.1-dev.b819ee4.0, 4.3.1-dev.f1c6916.0, 4.3.1-dev.b35eca1.0, 4.3.1-dev.c858390.0, 4.3.1-dev.a4f2f8c.0, 4.3.1-dev.e1080d9.0, 4.3.1-dev.e442fd2.0, 4.3.1-dev.f7d9349.0, 4.3.1-dev.fa4c72b.0, 4.3.1-dev.c097b9a.0, 4.3.1-dev.f9468a8.0, 4.3.1-dev.df594c9.0, 4.3.1-dev.b188714.0, 4.3.1-dev.cc7ff1f.0, 4.3.1-dev.a3fe342.0, 4.4.0, 4.4.1-dev.b49094b.0, 4.4.1-dev.aac2420.0, 4.4.1-dev.a72e99a.0, 1.10.4, 4.4.1-dev.e5673ca.0, 4.4.1-dev.a6b685e.0, 4.4.1-dev.ed1460c.0, 4.4.1-dev.d8b64a8.0, 4.5.0, 4.5.1-dev.a0d4d2e.0, 4.5.1-dev.e774646.0, 4.5.1-dev.f696e47.0, 4.5.1-dev.ec65468.0, 4.5.1-dev.c5cecaf.0, 4.5.1-dev.a2d9cb4.0, 4.5.1-dev.afece40.0, 4.5.1-dev.cf4b93f.0, 4.5.1-dev.b4c92e1.0, 4.5.1-dev.b25b883.0, 4.5.1-dev.ab1b250.0, 4.5.1-dev.bd6cc71.0, 4.5.1-dev.ca31f6a.0, 4.5.1-dev.edf3164.0, 4.5.1-dev.cf60f71.0, 4.6.0, 4.6.1-dev.e383ae3.0, 4.6.1-dev.d254316.0, 4.6.1-dev.a1f9dc4.0, 4.6.1-dev.f943944.0, 4.6.1-dev.a83e9d5.0, 4.6.1-dev.c4e039a.0, 4.7.0, 4.7.1-dev.a173a8f.0, 4.7.1-dev.ce59737.0, 4.7.1-dev.bfb4f6f.0, 4.8.0, 4.8.1-dev.e29deea.0, 4.8.1-dev.dd172c7.0, 4.8.1-dev.d4e937d.0, 4.8.1-dev.ed2781f.0, 4.8.1-dev.de3e8f8.0, 4.8.1-dev.ebbbf1e.0, 4.8.1-dev.b413ebd.0, 4.8.1-dev.c62ef79.0, 4.8.1-dev.f216540.0, 4.8.1-dev.f44dc5b.0, 4.8.1-dev.ac2e180.0, 4.8.1-dev.e0fc158.0, 4.8.1-dev.f4e55bd.0, 4.9.1-dev.fd2982d.0, 4.9.0, 4.9.1-dev.f687df6.0, 4.9.1-dev.b63af9f.0, 4.10.0, 4.11.0, 4.11.1-dev.cbcfc18.0, 4.11.1-dev.e5efe49.0, 4.11.1, 4.11.2-dev.cbbbd84.0, 4.11.2-dev.dee14ec.0, 4.11.2-dev.f87ffbe.0, 4.11.2-dev.d9d0391.0, 4.12.0, 4.12.1-dev.e746566.0, 4.12.1, 4.12.2-dev.f351e00.0, 4.12.2-dev.b86d8ca.0, 4.12.2-dev.b3cb1b7.0, 4.12.2-dev.a21078b.0, 4.13.0, 4.13.1-dev.d6baee6.0, 4.13.1-dev.d45b712.0, 4.13.1-dev.aa471e7.0, 4.13.1-dev.c602fc6.0, 4.13.1-dev.cc99825.0, 4.13.1-dev.dcd9d6a.0, 4.13.1-dev.adf483f.0, 4.13.1-dev.facc2e6.0, 4.13.1-dev.f701406.0, 4.13.1-dev.bbde6ea.0, 4.14.0, 4.14.1-dev.fab66e9.0, 4.14.1-dev.ed85cce.0, 4.14.1-dev.d3baae6.0, 4.14.1-dev.efac906.0, 4.14.1-dev.d446838.0, 4.15.0]
Recommendation:
Update to version 4.15.0.
361 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
4.15.0 | LGPL-3.0-only | 2024-11-06 - 22:56 | 8 days | |
4.14.1-dev.fab66e9.0 | LGPL-3.0-only | 2024-10-21 - 15:04 | 24 days | |
4.14.1-dev.d3baae6.0 | LGPL-3.0-only | 2024-10-24 - 13:48 | 21 days | |
4.14.1-dev.efac906.0 | LGPL-3.0-only | 2024-10-28 - 14:21 | 17 days | |
4.14.1-dev.ed85cce.0 | LGPL-3.0-only | 2024-10-21 - 16:16 | 24 days | |
4.14.1-dev.d446838.0 | LGPL-3.0-only | 2024-11-04 - 20:00 | 10 days | |
4.14.0 | LGPL-3.0-only | 2024-10-21 - 14:26 | 24 days | |
4.13.1-dev.dcd9d6a.0 | LGPL-3.0-only | 2024-10-02 - 14:25 | about 1 month | |
4.13.1-dev.d6baee6.0 | LGPL-3.0-only | 2024-09-23 - 18:49 | about 2 months | |
4.13.1-dev.cc99825.0 | LGPL-3.0-only | 2024-09-26 - 08:37 | about 2 months | |
4.13.1-dev.bbde6ea.0 | LGPL-3.0-only | 2024-10-11 - 19:44 | about 1 month | |
4.13.1-dev.d45b712.0 | LGPL-3.0-only | 2024-09-24 - 12:43 | about 2 months | |
4.13.1-dev.f701406.0 | LGPL-3.0-only | 2024-10-09 - 13:27 | about 1 month | |
4.13.1-dev.adf483f.0 | LGPL-3.0-only | 2024-10-04 - 18:29 | about 1 month | |
4.13.1-dev.aa471e7.0 | LGPL-3.0-only | 2024-09-24 - 14:10 | about 2 months | |
4.13.1-dev.c602fc6.0 | LGPL-3.0-only | 2024-09-24 - 21:00 | about 2 months | |
4.13.1-dev.facc2e6.0 | LGPL-3.0-only | 2024-10-08 - 14:03 | about 1 month | |
4.13.0 | LGPL-3.0-only | 2024-09-18 - 17:11 | about 2 months | |
4.12.2-dev.f351e00.0 | LGPL-3.0-only | 2024-08-23 - 08:33 | 3 months | |
4.12.2-dev.b86d8ca.0 | LGPL-3.0-only | 2024-09-09 - 15:20 | 2 months | |
4.12.2-dev.b3cb1b7.0 | LGPL-3.0-only | 2024-09-13 - 11:36 | 2 months | |
4.12.2-dev.a21078b.0 | LGPL-3.0-only | 2024-09-17 - 16:53 | about 2 months | |
4.12.1 | LGPL-3.0-only | 2024-08-23 - 08:29 | 3 months | |
4.12.1-dev.e746566.0 | LGPL-3.0-only | 2024-08-22 - 16:08 | 3 months | |
4.12.0 | LGPL-3.0-only | 2024-08-22 - 15:57 | 3 months | |
4.11.2-dev.dee14ec.0 | LGPL-3.0-only | 2024-07-30 - 16:29 | 4 months | |
4.11.2-dev.cbbbd84.0 | LGPL-3.0-only | 2024-07-24 - 15:24 | 4 months | |
4.11.2-dev.f87ffbe.0 | LGPL-3.0-only | 2024-08-01 - 17:54 | 3 months | |
4.11.2-dev.d9d0391.0 | LGPL-3.0-only | 2024-08-20 - 08:16 | 3 months | |
4.11.1 | LGPL-3.0-only | 2024-07-24 - 15:16 | 4 months | |
4.11.1-dev.e5efe49.0 | LGPL-3.0-only | 2024-07-22 - 15:20 | 4 months | |
4.11.1-dev.cbcfc18.0 | LGPL-3.0-only | 2024-07-22 - 08:39 | 4 months | |
4.11.0 | LGPL-3.0-only | 2024-07-11 - 14:26 | 4 months | |
4.10.0 | LGPL-3.0-only | 2024-06-17 - 13:27 | 5 months | |
4.9.1-dev.f687df6.0 | LGPL-3.0-only | 2024-05-29 - 20:10 | 6 months | |
4.9.1-dev.b63af9f.0 | LGPL-3.0-only | 2024-05-30 - 13:18 | 6 months | |
4.9.1-dev.fd2982d.0 | LGPL-3.0-only | 2024-05-23 - 15:00 | 6 months | |
4.9.0 | LGPL-3.0-only | 2024-05-23 - 15:02 | 6 months | |
4.8.1-dev.ac2e180.0 | LGPL-3.0-only | 2024-05-22 - 15:37 | 6 months | |
4.8.1-dev.dd172c7.0 | LGPL-3.0-only | 2024-04-18 - 19:35 | 7 months | |
4.8.1-dev.d4e937d.0 | LGPL-3.0-only | 2024-04-19 - 04:34 | 7 months | |
4.8.1-dev.b413ebd.0 | LGPL-3.0-only | 2024-05-02 - 08:00 | 7 months | |
4.8.1-dev.f216540.0 | LGPL-3.0-only | 2024-05-06 - 20:38 | 6 months | |
4.8.1-dev.ebbbf1e.0 | LGPL-3.0-only | 2024-04-30 - 08:50 | 7 months | |
4.8.1-dev.e29deea.0 | LGPL-3.0-only | 2024-04-18 - 04:17 | 7 months | |
4.8.1-dev.f4e55bd.0 | LGPL-3.0-only | 2024-05-22 - 16:28 | 6 months | |
4.8.1-dev.e0fc158.0 | LGPL-3.0-only | 2024-05-22 - 16:00 | 6 months | |
4.8.1-dev.de3e8f8.0 | LGPL-3.0-only | 2024-04-26 - 19:25 | 7 months | |
4.8.1-dev.f44dc5b.0 | LGPL-3.0-only | 2024-05-09 - 13:39 | 6 months | |
4.8.1-dev.ed2781f.0 | LGPL-3.0-only | 2024-04-25 - 13:16 | 7 months | |
4.8.1-dev.c62ef79.0 | LGPL-3.0-only | 2024-05-06 - 10:18 | 6 months | |
4.8.0 | LGPL-3.0-only | 2024-04-18 - 04:01 | 7 months | |
4.7.1-dev.bfb4f6f.0 | LGPL-3.0-only | 2024-04-08 - 13:40 | 7 months | |
4.7.1-dev.a173a8f.0 | LGPL-3.0-only | 2024-03-26 - 18:01 | 8 months | |
4.7.1-dev.ce59737.0 | LGPL-3.0-only | 2024-04-07 - 11:38 | 7 months | |
4.7.0 | LGPL-3.0-only | 2024-03-26 - 17:55 | 8 months | |
4.6.1-dev.a1f9dc4.0 | LGPL-3.0-only | 2024-03-12 - 10:17 | 8 months | |
4.6.1-dev.f943944.0 | LGPL-3.0-only | 2024-03-20 - 14:16 | 8 months | |
4.6.1-dev.c4e039a.0 | LGPL-3.0-only | 2024-03-25 - 19:00 | 8 months | |
4.6.1-dev.a83e9d5.0 | LGPL-3.0-only | 2024-03-25 - 14:11 | 8 months | |
4.6.1-dev.d254316.0 | LGPL-3.0-only | 2024-03-11 - 19:14 | 8 months | |
4.6.1-dev.e383ae3.0 | LGPL-3.0-only | 2024-03-08 - 15:41 | 8 months | |
4.6.0 | LGPL-3.0-only | 2024-03-08 - 15:33 | 8 months | |
4.5.1-dev.edf3164.0 | LGPL-3.0-only | 2024-03-07 - 08:54 | 8 months | |
4.5.1-dev.cf60f71.0 | LGPL-3.0-only | 2024-03-07 - 12:07 | 8 months | |
4.5.1-dev.c5cecaf.0 | LGPL-3.0-only | 2024-02-19 - 12:44 | 9 months | |
4.5.1-dev.afece40.0 | LGPL-3.0-only | 2024-02-27 - 14:28 | 9 months | |
4.5.1-dev.a2d9cb4.0 | LGPL-3.0-only | 2024-02-19 - 12:44 | 9 months | |
4.5.1-dev.b4c92e1.0 | LGPL-3.0-only | 2024-02-27 - 14:58 | 9 months | |
4.5.1-dev.ec65468.0 | LGPL-3.0-only | 2024-02-16 - 17:19 | 9 months | |
4.5.1-dev.ca31f6a.0 | LGPL-3.0-only | 2024-03-05 - 17:05 | 8 months | |
4.5.1-dev.bd6cc71.0 | LGPL-3.0-only | 2024-03-01 - 21:14 | 9 months | |
4.5.1-dev.b25b883.0 | LGPL-3.0-only | 2024-02-28 - 16:27 | 9 months | |
4.5.1-dev.a0d4d2e.0 | LGPL-3.0-only | 2024-02-12 - 14:26 | 9 months | |
4.5.1-dev.f696e47.0 | LGPL-3.0-only | 2024-02-15 - 15:55 | 9 months | |
4.5.1-dev.cf4b93f.0 | LGPL-3.0-only | 2024-02-27 - 14:46 | 9 months | |
4.5.1-dev.ab1b250.0 | LGPL-3.0-only | 2024-02-28 - 16:44 | 9 months | |
4.5.1-dev.e774646.0 | LGPL-3.0-only | 2024-02-14 - 09:46 | 9 months | |
4.5.0 | LGPL-3.0-only | 2024-02-12 - 13:50 | 9 months | |
4.4.1-dev.d8b64a8.0 | LGPL-3.0-only | 2024-02-09 - 16:14 | 9 months | |
4.4.1-dev.b49094b.0 | LGPL-3.0-only | 2024-01-23 - 07:47 | 10 months | |
4.4.1-dev.a72e99a.0 | LGPL-3.0-only | 2024-01-29 - 21:20 | 10 months | |
4.4.1-dev.aac2420.0 | LGPL-3.0-only | 2024-01-24 - 18:32 | 10 months | |
4.4.1-dev.e5673ca.0 | LGPL-3.0-only | 2024-02-05 - 15:30 | 9 months | |
4.4.1-dev.ed1460c.0 | LGPL-3.0-only | 2024-02-06 - 20:46 | 9 months | |
4.4.1-dev.a6b685e.0 | LGPL-3.0-only | 2024-02-05 - 15:37 | 9 months | |
4.4.0 | LGPL-3.0-only | 2024-01-17 - 17:31 | 10 months | |
4.3.1-dev.cdd99e7.0 | LGPL-3.0-only | 2023-12-05 - 03:54 | 12 months | |
4.3.1-dev.f9468a8.0 | LGPL-3.0-only | 2024-01-04 - 11:10 | 11 months | |
4.3.1-dev.df594c9.0 | LGPL-3.0-only | 2024-01-05 - 09:58 | 10 months | |
4.3.1-dev.b188714.0 | LGPL-3.0-only | 2024-01-08 - 11:05 | 10 months | |
4.3.1-dev.cc7ff1f.0 | LGPL-3.0-only | 2024-01-08 - 19:50 | 10 months | |
4.3.1-dev.b819ee4.0 | LGPL-3.0-only | 2023-12-05 - 10:43 | 12 months | |
4.3.1-dev.b35eca1.0 | LGPL-3.0-only | 2023-12-12 - 13:31 | 11 months | |
4.3.1-dev.a4f2f8c.0 | LGPL-3.0-only | 2023-12-12 - 14:13 | 11 months | |
4.3.1-dev.c858390.0 | LGPL-3.0-only | 2023-12-12 - 13:34 | 11 months | |
4.3.1-dev.a3fe342.0 | LGPL-3.0-only | 2024-01-15 - 14:01 | 10 months | |
4.3.1-dev.c097b9a.0 | LGPL-3.0-only | 2023-12-15 - 16:41 | 11 months | |
4.3.1-dev.e1080d9.0 | LGPL-3.0-only | 2023-12-13 - 17:26 | 11 months | |
4.3.1-dev.f1c6916.0 | LGPL-3.0-only | 2023-12-05 - 15:27 | 12 months |