CVE-2021-41122: missing clamps for decimal args in external functions
In affected versions of the Vyper compiler, an external function did not clamp its decimal arguments on entry: the argument was read straight from calldata and used as-is, so a caller could pass a value outside the range of the decimal type and the function body would operate on it as if it were a valid decimal. The following contract illustrates the pattern; it performs no bounds check of its own, and the compiler emitted none.
@external
def foo(x: decimal) -> decimal:
    return x
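To make the missing check concrete, the following is an added Python model of what happens at the calldata boundary; it is not code from the advisory or from the Vyper project. It assumes that a decimal is carried in the ABI as a signed integer scaled by 10**10, and that the valid range is [-(2**127) * 10**10, (2**127 - 1) * 10**10]; both are stated here as assumptions about the type, and the function selector is a constructed placeholder. The unclamped variant accepts any 256-bit word, the clamped variant reverts on anything outside the assumed range, which is the check a fixed compiler inserts in the function prologue.

```python
from decimal import Decimal

# Assumed representation of a Vyper decimal: an integer scaled by 10**10.
DECIMAL_DIVISOR = 10**10
# Assumed bounds of the decimal type (not taken from the advisory).
MAXDECIMAL = (2**127 - 1) * DECIMAL_DIVISOR
MINDECIMAL = -(2**127) * DECIMAL_DIVISOR

# Constructed placeholder; a real selector is the first four bytes of the
# keccak256 hash of the function's ABI signature.
SELECTOR = b"\xde\xad\xbe\xef"


def word_to_int256(word: bytes) -> int:
    """Interpret one 32-byte calldata word as a two's-complement int256."""
    if len(word) != 32:
        raise ValueError("calldata word must be exactly 32 bytes")
    return int.from_bytes(word, "big", signed=True)


def int256_to_word(value: int) -> bytes:
    """Encode a Python int as a 32-byte two's-complement calldata word."""
    return value.to_bytes(32, "big", signed=True)


def encode_call(raw: int) -> bytes:
    """Build calldata for foo(x): selector followed by one scaled-int argument."""
    return SELECTOR + int256_to_word(raw)


def clamp_decimal(raw: int) -> int:
    """The prologue check a patched compiler emits: revert when out of range."""
    if raw < MINDECIMAL or raw > MAXDECIMAL:
        # In the EVM this is a revert; modelled here as an exception.
        raise ValueError("decimal argument out of bounds")
    return raw


def foo_unclamped(calldata: bytes) -> int:
    """Vulnerable behaviour: the raw word is used without any bounds check."""
    return word_to_int256(calldata[4:36])


def foo_clamped(calldata: bytes) -> int:
    """Patched behaviour: the word is clamped before the body runs."""
    return clamp_decimal(word_to_int256(calldata[4:36]))


def reverts(fn, calldata: bytes) -> bool:
    """True if the modelled call reverts (raises) on this calldata."""
    try:
        fn(calldata)
        return False
    except ValueError:
        return True


def to_decimal(raw: int) -> Decimal:
    """Convert the scaled integer back to the decimal value it represents."""
    return Decimal(raw) / DECIMAL_DIVISOR


if __name__ == "__main__":
    # In-range argument: 1.5 as a scaled integer; both variants accept it.
    ok = encode_call(15 * 10**9)
    print(to_decimal(foo_unclamped(ok)), to_decimal(foo_clamped(ok)))

    # Out-of-range word: far above MAXDECIMAL. The unclamped function
    # happily returns it; the clamped one reverts.
    bad = encode_call(2**200)
    print(foo_unclamped(bad) == 2**200, reverts(foo_clamped, bad))
```

The point the model makes is that the ABI word is 256 bits wide while the decimal type is narrower, so the only thing standing between a hostile caller and an out-of-range decimal is the clamp in the function prologue; any arithmetic or comparison in the body that assumes the documented range is reasoning about a value the caller controls entirely if that clamp is absent.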