Severity: medium (5.3)

First published: Mon Sep 18 2023

Last modified: Fri Sep 22 2023

CWE: 667 833

### Impact Locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. ```Vyper @nonreentrant("") # unprotected @external def bar(): pass @nonreentrant("lock") # protected @external def foo(): pass ``` ### Patches Patched in #3605 ### Workarounds The lock name should be a non-empty string. ### References _Are there any links users can visit to find out more?_

Any of

  • pip/vyper
    fixed in: 0.3.10


  • What is the impact of GHSA-3hg2-r75x-g69m vulnerability?

    Locks of the type '@nonreentrant()' do not produce reentrancy checks at runtime.

  • How can I patch GHSA-3hg2-r75x-g69m vulnerability?

    The vulnerability has been patched in version 0.3.10 of the 'vyper' package.

  • Is there a workaround for GHSA-3hg2-r75x-g69m vulnerability?

    No specific workaround information is available for this vulnerability.

  • What is the severity of GHSA-3hg2-r75x-g69m vulnerability?

    The severity of this vulnerability is medium with a score of 5.3.

  • What is the Common Weakness Enumeration (CWE) ID for GHSA-3hg2-r75x-g69m vulnerability?

    The CWE ID for this vulnerability is 667 and 833.

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203