
GHSA-3hg2-r75x-g69m

Severity: medium (5.3)

First published: Mon Sep 18 2023

Last modified: Fri Sep 22 2023

CWE: 667, 833

### Impact

Locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime.

```Vyper
@nonreentrant("")  # unprotected
@external
def bar():
    pass

@nonreentrant("lock")  # protected
@external
def foo():
    pass
```

### Patches

Patched in #3605

### Workarounds

The lock name should be a non-empty string.

### References

_Are there any links users can visit to find out more?_
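A source-level check for the pattern described above, as an added example that is not part of the advisory or the Vyper project. It is a line-based pattern match, not a Vyper parser; the names `find_empty_locks` and `SAMPLE` are hypothetical and the sample contract is constructed.

```python
import re

# Matches @nonreentrant("") / @nonreentrant('') with optional whitespace; the
# key is empty only when the same quote character appears twice back-to-back.
EMPTY_LOCK = re.compile(r"""^\s*@nonreentrant\(\s*(["'])\1\s*\)""")
DEF_LINE = re.compile(r"^\s*def\s+([A-Za-z_]\w*)\s*\(")
DECORATOR = re.compile(r"^\s*@")


def find_empty_locks(source):
    """Return [(line_no, function_name)] for each empty-named nonreentrant lock."""
    findings = []
    pending = []  # line numbers of empty-lock decorators awaiting their def
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if EMPTY_LOCK.match(line):
            pending.append(line_no)
        elif (m := DEF_LINE.match(line)):
            findings.extend((n, m.group(1)) for n in pending)
            pending = []
        elif stripped and not stripped.startswith("#") and not DECORATOR.match(line):
            pending = []  # decorator stack interrupted by other code
    return findings


# Constructed sample: the advisory's two functions plus a single-quote
# variant and a commented-out decorator that must not be reported.
SAMPLE = """\
@nonreentrant("")  # unprotected
@external
def bar():
    pass

@nonreentrant("lock")  # protected
@external
def foo():
    pass

@external
@nonreentrant('')
def baz():
    pass

# @nonreentrant("") in a comment is ignored
@external
def qux():
    pass
"""

if __name__ == "__main__":
    for line_no, name in find_empty_locks(SAMPLE):
        print(f"line {line_no}: {name}() has an empty nonreentrant lock name")
```

A finding matters for contracts compiled with an affected vyper version (>=0.2.9, <0.3.10); renaming the lock to a non-empty string or compiling with 0.3.10 restores the check.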

Any of

  • pip/vyper
    >=0.2.9 <0.3.10
    fixed in: 0.3.10

FAQ

  • What is the impact of GHSA-3hg2-r75x-g69m vulnerability?

    Locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime.

  • How can I patch GHSA-3hg2-r75x-g69m vulnerability?

    The vulnerability has been patched in version 0.3.10 of the 'vyper' package.

  • Is there a workaround for GHSA-3hg2-r75x-g69m vulnerability?

    The lock name should be a non-empty string.

  • What is the severity of GHSA-3hg2-r75x-g69m vulnerability?

    The severity of this vulnerability is medium with a score of 5.3.

  • What are the Common Weakness Enumeration (CWE) IDs for GHSA-3hg2-r75x-g69m vulnerability?

    The CWE IDs for this vulnerability are 667 and 833.
