CVE-2021-45698: RPC call failure in ckb
(updated )
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.
References
- github.com/advisories/GHSA-8gjm-h3xj-mp6w
- github.com/nervosnetwork/ckb
- github.com/nervosnetwork/ckb/security/advisories/GHSA-v666-6w97-pcwm
- nvd.nist.gov/vuln/detail/CVE-2021-45698
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/ckb/RUSTSEC-2021-0107.md
- rustsec.org/advisories/RUSTSEC-2021-0107.html
Code Behaviors & Features
Detect and mitigate CVE-2021-45698 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →