CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.

Publication date: Sat, 03 Jul 2021 00:15:00 +0000


Cyber News related to CVE-2021-32738

CVE-2024-32738 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
6 months ago Tenable.com
CVE-2021-28352 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
3 years ago
CVE-2021-28346 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
3 years ago
CVE-2021-28358 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
3 years ago
CVE-2021-28334 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, ...
3 years ago
CVE-2021-28341 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, ...
3 years ago
CVE-2021-28332 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, ...
3 years ago
CVE-2021-28335 - Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, ...
3 years ago
CVE-2021-46976 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2021-32738 - js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge ...
2 years ago
CVE-2021-45977 - JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm ...
2 years ago
CVE-2024-32739 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
6 months ago Tenable.com
CVE-2024-32737 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
6 months ago Tenable.com
CVE-2024-32736 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
6 months ago Tenable.com
CVE-2024-32735 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
6 months ago Tenable.com
CVE-2023-32738 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin < 2.1.3 versions. ...
1 year ago
CVE-2021-45511 - Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before ...
2 years ago
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
8 months ago Cisa.gov
CVE-2021-47130 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
1 year ago Securityweek.com
CVE-2021-26902 - HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. ...
3 years ago
CVE-2021-24110 - HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. ...
3 years ago
CVE-2021-24089 - HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27061, CVE-2021-27062. ...
3 years ago
CVE-2021-27051 - HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27061, CVE-2021-27062. ...
3 years ago
CVE-2021-27061 - HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24089, CVE-2021-24110, CVE-2021-26902, CVE-2021-27047, CVE-2021-27048, CVE-2021-27049, CVE-2021-27050, CVE-2021-27051, CVE-2021-27062. ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)