Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVSS: 9.8
AI Score: 9.3
EPSS: 0.007
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
CVSS: 5.3
AI Score: 5.2
EPSS: 0.001