Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
go-f3 is Vulnerable to Cached Justification Verification Bypass
Vulnerability Description
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
Vulnerability Type
使用基本弱点进行的认证绕过
Vulnerability Title
Go implementation of Fast Finality in Filecoin 安全漏洞
Vulnerability Description
Go implementation of Fast Finality in Filecoin是Filecoin开源的一个快速确认机制的Golang库。 Go implementation of Fast Finality in Filecoin 0.8.8及之前版本存在安全漏洞,该漏洞源于验证结果缓存机制未正确考虑消息上下文,可能导致攻击者绕过验证。
CVSS Information
N/A
Vulnerability Type
N/A