CVE-2020-35962

{"id": "CVE-2020-35962", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-03T07:15:13.770", "references": [{"url": "https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation."}, {"lang": "es", "value": "La funci\u00f3n sellTokenForLRC en el protocolo vault en la implementaci\u00f3n del contrato inteligente para Loopring (LRC), un token de Ethereum, carece de control de acceso para el intercambio de tarifas y, por lo tanto, permite la manipulaci\u00f3n de precios."}], "lastModified": "2024-11-21T05:28:35.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:loopring:loopring:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C93F14E-AC12-4E5F-8318-6491A50E2217"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}