Aggregates CVE and security vulnerability intelligence across all Grin-related products, including CVSS scores, EPSS percentages, and publication dates.
Common weakness patterns include path handling and input validation, with potential impacts of unexpected behavior and file overwrite in production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-15899 | Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. | [email protected] | 7.5 | 0.10% | 2020-07-28 | 2024-11-21 |
| CVE-2020-12439 | Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. | [email protected] | 5.3 | 0.33% | 2020-05-05 | 2024-11-21 |
| CVE-2020-6638 | Grin through 2.1.1 has Insufficient Validation. | [email protected] | 7.5 | 0.41% | 2020-01-21 | 2024-11-21 |
| CVE-2019-9195 | util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | [email protected] | 9.8 | 0.62% | 2019-02-26 | 2024-11-21 |