@openzeppelin/contracts-upgradeable@4.7.0 vulnerabilities
Secure Smart Contract library for Solidity
-
latest version
5.1.0
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
6 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @openzeppelin/contracts-upgradeable package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Out-of-bounds Read due to the Note: These conditions are more frequent in the following scenarios:
How to fix Out-of-bounds Read? Upgrade |
>=4.5.0 <4.9.6
>=5.0.0-rc.0 <5.0.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Contracts using Note: This can lead to unintended consequences or incorrect behavior in smart contracts that rely on the accurate identification of the sender. How to fix Improper Encoding or Escaping of Output? Upgrade |
>=4.0.0 <4.9.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Improper Input Validation when the How to fix Improper Input Validation? Upgrade |
>=4.7.0 <4.9.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Missing Authorization. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. Note: In order for this attack to succeed, an attacker would need to have prior knowledge of a proposal creation. Impact: This issue impacts the How to fix Missing Authorization? Upgrade |
>=4.3.0 <4.9.1
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Denial of Service (DoS) such that a function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. How to fix Denial of Service (DoS)? Upgrade |
>=3.2.0 <4.8.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Improper Input Validation due to missing signatures length validation of the proposal creation entry point ( How to fix Improper Input Validation? Upgrade |
>=4.3.0 <4.8.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via How to fix Improper Verification of Cryptographic Signature? Upgrade |
<4.7.3
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade |
>=3.2.0 <4.7.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via contracts using the cross-chain utilities for Arbitrum Note: Any action taken by an EOA on the contract can also be taken by the EOA through the bridge if the issue was not present. How to fix Incorrect Resource Transfer Between Spheres? Upgrade |
>=4.6.0 <4.7.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Incorrect Calculation via the How to fix Incorrect Calculation? Upgrade |
>=4.3.0 <4.7.2
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Information Exposure. The contracts that may be affected are those that use How to fix Information Exposure? Upgrade |
>=4.1.0 <4.7.1
|
@openzeppelin/contracts-upgradeable is a Secure Smart Contract library for Solidity. Affected versions of this package are vulnerable to Information Exposure. The contracts that may be affected are those that use How to fix Information Exposure? Upgrade |
>=4.0.0 <4.7.1
|