CVE-2021-41122

MEDIUM

Vyper <0.3.0 - Info Disclosure

Title source: llm

Description

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0.

References (2)

[Exploit, Third Party Advisory] https://github.com/vyperlang/vyper/security/advisories/GHSA-c7pr-343r-5c46

[Third Party Advisory] https://github.com/vyperlang/vyper/pull/2447

Scores

CVSS v3 4.3

EPSS 0.0020

EPSS Percentile 42.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-682

Status published

Products (2)

pypi/vyper 0 - 0.3.0PyPI

vyperlang/vyper < 0.3.0

Published Oct 05, 2021

Tracked Since Feb 18, 2026