# Shardeum Ancillaries

## Reports by Severity

[Critical](#critical) | [Medium](#medium) | [Low](#low) | [Insight](#insight)

<details>

<summary>Critical</summary>

* [Boost \_ Shardeum\_ Ancillaries 34508 - \[Websites and Applications - Critical\] Malicious archiver can overwrite account data on any active archiver](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34508-websites-and-applications-critical-malicious-archiver-can-overwt.md)

</details>

<details>

<summary>Medium</summary>

* [Boost \_ Shardeum\_ Ancillaries 33571 - \[Websites and Applications - Medium\] Taking down the websocket server via malicious methods object override](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33571-websites-and-applications-medium-taking-down-the-websocket-serve.md)
* [Boost \_ Shardeum\_ Ancillaries 34298 - \[Websites and Applications - Medium\] archive-server can be killed by connected shardus-instance](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34298-websites-and-applications-medium-archive-server-can-be-killed-by.md)
* [Boost \_ Shardeum\_ Ancillaries 34392 - \[Websites and Applications - Medium\] JSON-RPC Complete Password Recovery Through Timing Attack](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34392-websites-and-applications-medium-json-rpc-complete-password-reco.md)

</details>

<details>

<summary>Low</summary>

* [Boost \_ Shardeum\_ Ancillaries 33040 - \[Websites and Applications - Low\] API CSRF protection bypass leading to arbitrary operator-cli command execution](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33040-websites-and-applications-low-api-csrf-protection-bypass-leading.md)
* [Boost \_ Shardeum\_ Ancillaries 33692 - \[Websites and Applications - Low\] Reflected XSS in validator node endpoints leads to node shutdown via validator-gui](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33692-websites-and-applications-low-reflected-xss-in-validator-node-en.md)
* [Boost \_ Shardeum\_ Ancillaries 34367 - \[Websites and Applications - Low\] CSRF vulnerability due to missing SameSiteStrict attribute resulting blackhat to perform authenticated action](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34367-websites-and-applications-low-csrf-vulnerability-due-to-missing.md)
* [Boost \_ Shardeum\_ Ancillaries 34473 - \[Websites and Applications - Low\] Insight XSS in json rpc server without CSP bypass](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34473-websites-and-applications-low-insight-xss-in-json-rpc-server-wit.md)
* [Boost \_ Shardeum\_ Ancillaries 34475 - \[Websites and Applications - Low\] CSRF in Json RPC Server allows requesting authenticated API endpoints](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34475-websites-and-applications-low-csrf-in-json-rpc-server-allows-req.md)

</details>

<details>

<summary>Insight</summary>

* [Boost \_ Shardeum\_ Ancillaries 33392 - \[Websites and Applications - Insight\] Validator GUI password bruteforcing is possible using the proxies](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33392-websites-and-applications-insight-validator-gui-password-brutefo.md)
* [Boost \_ Shardeum\_ Ancillaries 33490 - \[Websites and Applications - Insight\] Abusing blacklist functionality to get victims IP to be banned](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33490-websites-and-applications-insight-abusing-blacklist-functionalit.md)
* [Boost \_ Shardeum\_ Ancillaries 33522 - \[Websites and Applications - Insight\] Exposed Redis Service Vulnerability on apishardeumorg](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33522-websites-and-applications-insight-exposed-redis-service-vulnerab.md)
* [Boost \_ Shardeum\_ Ancillaries 33558 - \[Websites and Applications - Insight\] In some instances the socket can be made to hang](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33558-websites-and-applications-insight-in-some-instances-the-socket-c.md)
* [Boost \_ Shardeum\_ Ancillaries 33577 - \[Websites and Applications - Insight\] Taking down the HTTP server via jayson -day vulnerability](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33577-websites-and-applications-insight-taking-down-the-http-server-vi.md)
* [Boost \_ Shardeum\_ Ancillaries 33809 - \[Websites and Applications - Insight\] Blocking the user from interacting with GUI via rate-limiting abuse](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33809-websites-and-applications-insight-blocking-the-user-from-interac.md)
* [Boost \_ Shardeum\_ Ancillaries 34474 - \[Websites and Applications - Insight\] SQL injection in json-rpc-server within the txStatusSaver function via the IP argument leads to application shutdown](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34474-websites-and-applications-insight-sql-injection-in-json-rpc-serv.md)
* [Boost \_ Shardeum\_ Ancillaries 34492 - \[Websites and Applications - Insight\] DoS via unbounded tx id list processing in api endpoints](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34492-websites-and-applications-insight-dos-via-unbounded-tx-id-list-p.md)

</details>

## Reports by Type

[Websites and Applications](#websites-and-applications)

<details>

<summary>Websites and Applications</summary>

* [Boost \_ Shardeum\_ Ancillaries 33040 - \[Websites and Applications - Low\] API CSRF protection bypass leading to arbitrary operator-cli command execution](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33040-websites-and-applications-low-api-csrf-protection-bypass-leading.md)
* [Boost \_ Shardeum\_ Ancillaries 33392 - \[Websites and Applications - Insight\] Validator GUI password bruteforcing is possible using the proxies](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33392-websites-and-applications-insight-validator-gui-password-brutefo.md)
* [Boost \_ Shardeum\_ Ancillaries 33490 - \[Websites and Applications - Insight\] Abusing blacklist functionality to get victims IP to be banned](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33490-websites-and-applications-insight-abusing-blacklist-functionalit.md)
* [Boost \_ Shardeum\_ Ancillaries 33522 - \[Websites and Applications - Insight\] Exposed Redis Service Vulnerability on apishardeumorg](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33522-websites-and-applications-insight-exposed-redis-service-vulnerab.md)
* [Boost \_ Shardeum\_ Ancillaries 33558 - \[Websites and Applications - Insight\] In some instances the socket can be made to hang](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33558-websites-and-applications-insight-in-some-instances-the-socket-c.md)
* [Boost \_ Shardeum\_ Ancillaries 33571 - \[Websites and Applications - Medium\] Taking down the websocket server via malicious methods object override](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33571-websites-and-applications-medium-taking-down-the-websocket-serve.md)
* [Boost \_ Shardeum\_ Ancillaries 33577 - \[Websites and Applications - Insight\] Taking down the HTTP server via jayson -day vulnerability](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33577-websites-and-applications-insight-taking-down-the-http-server-vi.md)
* [Boost \_ Shardeum\_ Ancillaries 33692 - \[Websites and Applications - Low\] Reflected XSS in validator node endpoints leads to node shutdown via validator-gui](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33692-websites-and-applications-low-reflected-xss-in-validator-node-en.md)
* [Boost \_ Shardeum\_ Ancillaries 33809 - \[Websites and Applications - Insight\] Blocking the user from interacting with GUI via rate-limiting abuse](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-33809-websites-and-applications-insight-blocking-the-user-from-interac.md)
* [Boost \_ Shardeum\_ Ancillaries 34298 - \[Websites and Applications - Medium\] archive-server can be killed by connected shardus-instance](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34298-websites-and-applications-medium-archive-server-can-be-killed-by.md)
* [Boost \_ Shardeum\_ Ancillaries 34367 - \[Websites and Applications - Low\] CSRF vulnerability due to missing SameSiteStrict attribute resulting blackhat to perform authenticated action](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34367-websites-and-applications-low-csrf-vulnerability-due-to-missing.md)
* [Boost \_ Shardeum\_ Ancillaries 34392 - \[Websites and Applications - Medium\] JSON-RPC Complete Password Recovery Through Timing Attack](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34392-websites-and-applications-medium-json-rpc-complete-password-reco.md)
* [Boost \_ Shardeum\_ Ancillaries 34473 - \[Websites and Applications - Low\] Insight XSS in json rpc server without CSP bypass](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34473-websites-and-applications-low-insight-xss-in-json-rpc-server-wit.md)
* [Boost \_ Shardeum\_ Ancillaries 34474 - \[Websites and Applications - Insight\] SQL injection in json-rpc-server within the txStatusSaver function via the IP argument leads to application shutdown](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34474-websites-and-applications-insight-sql-injection-in-json-rpc-serv.md)
* [Boost \_ Shardeum\_ Ancillaries 34475 - \[Websites and Applications - Low\] CSRF in Json RPC Server allows requesting authenticated API endpoints](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34475-websites-and-applications-low-csrf-in-json-rpc-server-allows-req.md)
* [Boost \_ Shardeum\_ Ancillaries 34492 - \[Websites and Applications - Insight\] DoS via unbounded tx id list processing in api endpoints](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34492-websites-and-applications-insight-dos-via-unbounded-tx-id-list-p.md)
* [Boost \_ Shardeum\_ Ancillaries 34508 - \[Websites and Applications - Critical\] Malicious archiver can overwrite account data on any active archiver](/shardeum-ancillaries/boost-_-shardeum_-ancillaries-34508-websites-and-applications-critical-malicious-archiver-can-overwt.md)

</details>

---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://reports.immunefi.com/shardeum-ancillaries.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
