How severe is CVE-2022-35917?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-35917?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2022-35917 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2020-35477

MEDIUM

CVSS:5.3(Medium)

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggle...

CWE-6702020

CVE-2020-5753

MEDIUM

CVSS:5.3(Medium)

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling...

CWE-6702020

CVE-2021-0273

MEDIUM

CVSS:5.3(Medium)

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices wi...

CWE-6702021

CVE-2021-43819

MEDIUM

CVSS:5.3(Medium)

Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when ...

CWE-6702021

CVE-2021-43979

MEDIUM

CVSS:5.3(Medium)

Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes ...

CWE-6702021

CVE-2021-45852

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.

CWE-6702021