How severe is CVE-2024-32647?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-32647?

This is classified as CWE-95, which is a common weakness in software security.

CVE-2024-32647

MEDIUM Year: 2024

CVSS v3 Score

5.3

Medium

Weakness Type

CWE-95

View all →

Vulnerability Description

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `create_from_blueprint` builtin can result in a double eval vulnerability when `raw_args=True` and the `args` argument has side-effects. It can be seen that the `_build_create_IR` function of the `create_from_blueprint` builtin doesn't cache the mentioned `args` argument to the stack. As such, it can be evaluated multiple times (instead of retrieving the value from the stack). No vulnerable production contracts were found. Additionally, double evaluation of side-effects should be easily discoverable in client tests. As such, the impact is low. As of time of publication, no fixed versions exist.

CVE-2024-32649

MEDIUM

CVSS:5.3(Medium)

Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, using the `sqrt` builtin can result in double eval vulnerability when the argument has side-...

CWE-952024

CVE-2020-5217

MEDIUM

CVSS:5.8(Medium)

In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_se...

CWE-952020

CVE-2021-33678

MEDIUM

CVSS:6.5(Medium)

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged att...

CWE-952021

CVE-2019-9507

HIGH

CVSS:7.2(High)

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands wi...

CWE-952019

CVE-2023-0888

HIGH

CVSS:7.2(High)

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access t...

CWE-952023

CVE-2021-23277

CRITICAL

CVSS:10.0(Critical)

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic e...

CWE-952021

CVE-2024-32647

Vulnerability Description

Related Vulnerabilities

CVE-2024-32649

CVE-2020-5217

CVE-2021-33678

CVE-2019-9507

CVE-2023-0888

CVE-2021-23277