@openzeppelin/contracts-upgradeable@3.4.2 vulnerabilities
Secure Smart Contract library for Solidity
-
latest version
5.0.2
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
a month ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @openzeppelin/contracts-upgradeable package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Denial of Service (DoS) such that a function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. How to fix Denial of Service (DoS)? Upgrade |
>=3.2.0 <4.8.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via How to fix Improper Verification of Cryptographic Signature? Upgrade |
<4.7.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade |
>=3.2.0 <4.7.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible for NOTE: This vulnerability has also been identified as: CVE-2021-46320 How to fix Deserialization of Untrusted Data? Upgrade |
>=3.2.0 <4.4.1
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible for NOTE: This vulnerability has also been identified as: CVE-2022-39384 How to fix Deserialization of Untrusted Data? Upgrade |
>=3.2.0 <4.4.1
|