CVE-2021-41122

MEDIUM

Vyper <0.3.0 - Info Disclosure

Title source: llm

Description

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

References (2)

[Third Party Advisory] https://github.com/vyperlang/vyper/pull/2447

[Exploit, Third Party Advisory] https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-682

Status published

Affected Products (2)

vyperlang/vyper < 0.3.0

pypi/vyper < 0.3.0PyPI

Timeline

Published Oct 05, 2021

Tracked Since Feb 18, 2026