@openzeppelin/contracts@3.2.0-rc.0 vulnerabilities
Secure Smart Contract library for Solidity
-
latest version
5.0.2
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
2 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @openzeppelin/contracts package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via How to fix Improper Verification of Cryptographic Signature? Upgrade |
<4.7.3
|
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade |
>=2.3.0 <4.7.2
|
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. As a workaround, revoke the executor role from accounts not strictly under the team's control. It is recommended to revoke all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. How to fix Privilege Escalation? Upgrade |
>=4.0.0-beta.0 <4.3.1
<3.4.2
|
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Improper Synchronization via the How to fix Improper Synchronization? Upgrade |
<3.4.0-rc.0
|