Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2024-41945

fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the fund function in fuels-ts/packages/account/src/account.ts gets the needed ressources statelessly with the function getResourcesToSpend without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the txpool / in a block or a previous transaction silently getting removed from the txpool and replaced with a new one.

Published: Jul 30, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-41945
GHSA: GHSA-3jcg-vx7f-j6qf
Severity: Low
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
@fuel-ts / account	-	0.93.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo