seaport-js icon indicating copy to clipboard operation
seaport-js copied to clipboard
verified publisher icon ProjectOpenSea

[Bug Fix]: Improper Access Control in seaport-js via Undici

Open streetfact opened this issue 2 years ago • 0 comments

Component

Other (please describe)

Have you ensured that all of these are up to date?

  • [X] seaport-js
  • [X] Node (minimum v16)

What version of seaport-js are you on?

5.28.3

What function is the bug in?

fetch()

Operating System

Linux

Describe the bug

The project ProjectOpenSea/seaport-js was used Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered. I Requested for Patch on #540

  const list = parsedMetadata.sort((c, d) => d.algo.localeCompare(c.algo))
  // get the strongest algorithm
  const strongest = list[0].algo
  // get all entries that use the strongest algorithm; ignore weaker
  const metadata = list.filter((item) => item.algo === strongest)

    if (actualValue === expectedValue) {
      return true
    }

    let actualBase64URL = crypto.createHash(algorithm).update(bytes).digest('base64url')

    if (actualBase64URL.endsWith('==')) {
      actualBase64URL = actualBase64URL.slice(0, -2)
    }

    if (actualBase64URL === expectedValue) {

Impact

CVE-2024-30261 CWE-284 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

streetfact avatar Apr 25 '24 14:04 streetfact