CVE-2022-35917 - Vulnerability Details - OpenCVE

Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Solanalabs	Pay

Configuration 1 [-]

cpe:2.3:a:solanalabs:pay:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference
https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts
https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad
https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq

History

Wed, 23 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-01T21:10:11.000Z

Updated: 2025-04-23T17:54:43.793Z

Reserved: 2022-07-15T00:00:00.000Z

Link: CVE-2022-35917

Vulnrichment

Updated: 2024-08-03T09:51:58.604Z

NVD

Status : Modified

Published: 2022-08-01T22:15:10.157

Modified: 2024-11-21T07:11:57.457

Link: CVE-2022-35917

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "solana-pay", "vendor": "solana-labs", "versions": [{"status": "affected", "version": "< 0.2.1"}]}], "descriptions": [{"lang": "en", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T21:10:11.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}], "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}, "title": "Weakness in Transfer Validation Logic in @solana/pay", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35917", "STATE": "PUBLIC", "TITLE": "Weakness in Transfer Validation Logic in @solana/pay"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "solana-pay", "version": {"version_data": [{"version_value": "< 0.2.1"}]}}]}, "vendor_name": "solana-labs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-670: Always-Incorrect Control Flow Implementation"}]}]}, "references": {"reference_data": [{"name": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "refsource": "CONFIRM", "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"name": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"name": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"name": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "refsource": "MISC", "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}]}, "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:58.604Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T15:52:35.047087Z", "id": "CVE-2022-35917", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T17:54:43.793Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35917", "datePublished": "2022-08-01T21:10:11.000Z", "dateReserved": "2022-07-15T00:00:00.000Z", "dateUpdated": "2025-04-23T17:54:43.793Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:58.604Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-35917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T15:52:35.047087Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T15:52:36.822Z"}}], "cna": {"title": "Weakness in Transfer Validation Logic in @solana/pay", "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "solana-labs", "product": "solana-pay", "versions": [{"status": "affected", "version": "< 0.2.1"}]}], "references": [{"url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-08-01T21:10:11.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, "source": {"advisory": "GHSA-j47c-j42c-mwqq", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "< 0.2.1"}]}, "product_name": "solana-pay"}]}, "vendor_name": "solana-labs"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "name": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq", "refsource": "CONFIRM"}, {"url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "name": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad", "refsource": "MISC"}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "name": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference", "refsource": "MISC"}, {"url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "name": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-670: Always-Incorrect Control Flow Implementation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-35917", "STATE": "PUBLIC", "TITLE": "Weakness in Transfer Validation Logic in @solana/pay", "ASSIGNER": "security-advisories@github.com"}}}}, "cveMetadata": {"cveId": "CVE-2022-35917", "state": "PUBLISHED", "dateUpdated": "2025-04-23T17:54:43.793Z", "dateReserved": "2022-07-15T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-08-01T21:10:11.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:solanalabs:pay:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA0D8FFF-0C7B-45CE-B3FD-FF53A6147F8B", "versionEndExcluding": "0.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue."}, {"lang": "es", "value": "Solana Pay es un protocolo y un conjunto de implementaciones de referencia que permiten a desarrolladores incorporar pagos descentralizados en sus aplicaciones y servicios. Cuando es localizada una transacci\u00f3n de Solana Pay usando una clave de referencia, puede comprobarse que representa una transferencia del importe deseado al destinatario, usando la funci\u00f3n suministrada \"validateTransfer\". Un caso de borde en relaci\u00f3n con este mecanismo podr\u00eda causar a la l\u00f3gica de comprobaci\u00f3n, comprobar m\u00faltiples transferencias. Este problema ha sido corregido a partir de la versi\u00f3n \"0.2.1\". Los usuarios del SDK de Solana Pay deber\u00edan actualizarlo. No se presentan mitigaciones conocidas para este problema"}], "id": "CVE-2022-35917", "lastModified": "2024-11-21T07:11:57.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T22:15:10.157", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/SPEC.md#reference"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/blob/master/core/src/validateTransfer.ts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/commit/ac6ce0d0a81137700874a8bf5a7caac3be999fad"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solana-labs/solana-pay/security/advisories/GHSA-j47c-j42c-mwqq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "security-advisories@github.com", "type": "Secondary"}]}