Vulnerability Details : CVE-2023-30543
@web3-react is a framework for building Ethereum Apps . In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.
Products affected by CVE-2023-30543
- Uniswap » Web3-react Walletconnect » For Node.jsVersions from including (>=) 6.0.0 and up to, including, (<=) 6.2.14cpe:2.3:a:uniswap:web3-react_walletconnect:*:*:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.30:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.31:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.32:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.33:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.34:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.35:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.36:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.27:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.28:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.29:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.0:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.1:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.2:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.3:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.4:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.5:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.6:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.7:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.8:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.9:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.10:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.11:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.12:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.13:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.14:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.15:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.16:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.17:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.18:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.19:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.20:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.21:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.22:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.23:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.24:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.25:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:8.0.26:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.1:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.2:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_walletconnect:7.0.0:alpha0:*:*:*:node.js:*:*
- Uniswap » Web3-react Metamask » For Node.jsVersions from including (>=) 6.0.0 and up to, including, (<=) 6.2.14cpe:2.3:a:uniswap:web3-react_metamask:*:*:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.27:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.28:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.29:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.0:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.1:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.2:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.3:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.4:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.5:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.6:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.7:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.8:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.9:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.10:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.11:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.12:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.13:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.14:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.15:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.16:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.17:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.18:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.19:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.20:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.21:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.22:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.23:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.24:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.25:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_metamask:8.0.26:beta0:*:*:*:node.js:*:*
- Uniswap » Web3-react Eip1193 » For Node.jsVersions from including (>=) 6.0.0 and up to, including, (<=) 6.2.14cpe:2.3:a:uniswap:web3-react_eip1193:*:*:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.0:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.1:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.2:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.3:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.4:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.5:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.6:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.7:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.8:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.9:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.10:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.11:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.12:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.13:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.14:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.15:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.16:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.17:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.18:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.19:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.20:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.21:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.22:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.23:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.24:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.25:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:8.0.26:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:7.0.1:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:7.0.2:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_eip1193:7.0.0:alpha0:*:*:*:node.js:*:*
- Uniswap » Web3-react Coinbase-wallet » For Node.jsVersions from including (>=) 6.0.0 and up to, including, (<=) 6.2.14cpe:2.3:a:uniswap:web3-react_coinbase-wallet:*:*:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.22:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.23:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.24:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.25:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.26:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.27:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.28:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.29:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.30:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.31:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.32:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.33:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:8.0.34:beta0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.1:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.2:alpha0:*:*:*:node.js:*:*
- cpe:2.3:a:uniswap:web3-react_coinbase-wallet:7.0.0:alpha0:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30543
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 32 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30543
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.7
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N |
2.1
|
3.6
|
NIST | |
5.2
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L |
0.9
|
4.2
|
GitHub, Inc. |
CWE ids for CVE-2023-30543
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-30543
-
https://github.com/Uniswap/web3-react/security/advisories/GHSA-8pf3-6fgr-3g3g
`chainId` may be outdated if user changes chains as part of connection · Advisory · Uniswap/web3-react · GitHubVendor Advisory
-
https://github.com/Uniswap/web3-react/pull/749
fix: use up-to-date chainId/accounts when querying EIP1193-derived wallets by zzmp · Pull Request #749 · Uniswap/web3-react · GitHubIssue Tracking;Patch
Jump to