x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c)
- Severity:
- High
Description
There is a security vulnerability in outdated versions of the x402 SDK. This does not directly affect users’ keys, smart contracts, or funds.
This primarily impacts builders working on resource servers.
Recommendation
Update the x402-express package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.5.2
- Patched version(s): 0.5.2
References
Related Issues
- vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) - CVE-2024-52809
- node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit - CVE-2022-25231
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- Incorrect default cookie name and recommendation - Vulnerability
- Tags:
- npm
- x402-express
Anything's wrong? Let us know Last updated on August 20, 2025