x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c)
- Severity:
- High
Description
There is a security vulnerability in outdated versions of the x402 SDK. This does not directly affect users’ keys, smart contracts, or funds.
This primarily impacts builders working on resource servers.
Recommendation
Update the x402-express package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.5.2
- Patched version(s): 0.5.2
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) 2 - Vulnerability
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) 3 - Vulnerability
- x402 SDK vulnerable in outdated versions in resource servers for builders - Vulnerability
- JOSE vulnerable to resource exhaustion via specifically crafted JWE (GHSA-jv3g-j58f-9mq9) 2 - CVE-2022-36083
- Tags:
- npm
- x402-express
Anything's wrong? Let us know Last updated on August 20, 2025