GHSA-8f9f-pc5v-9r5h

GitHub Security Advisory

Malicious takeover of previously owned ENS names

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

### Impact
A user who owns an ENS domain can set a "trapdoor", allowing them to transfer ownership to another user, and later regain ownership without the new owner's consent or awareness.

### Patches

A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry. The registry is newly deployed at [0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e](https://etherscan.io/address/0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e).

### Workarounds
Do not accept transfers of ENS domains from other users on the old registrar.

Affected Packages

npm @ensdomains/ens
Affected versions: all versions before 0.4.0 (fixed in 0.4.0)

Key Information

GHSA ID: GHSA-8f9f-pc5v-9r5h
Published: January 30, 2020 11:55 PM
Last Modified: September 21, 2022 7:32 PM
CVSS Score: 7.5/10
Primary Ecosystem: npm
Primary Package: @ensdomains/ens
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.