CVE-2020-35962

{"id": "CVE-2020-35962", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-03T07:15:13.770", "references": [{"url": "https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation."}, {"lang": "es", "value": "La funci\u00f3n sellTokenForLRC en el protocolo vault en la implementaci\u00f3n del contrato inteligente para Loopring (LRC), un token de Ethereum, carece de control de acceso para el intercambio de tarifas y, por lo tanto, permite la manipulaci\u00f3n de precios."}], "lastModified": "2024-11-21T05:28:35.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:loopring:loopring:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C93F14E-AC12-4E5F-8318-6491A50E2217"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}