5.3.0
5 years ago
15 days ago
Known vulnerabilities in the @openzeppelin/contracts package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Denial of Service (DoS) such that a function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from calldata. How to fix Denial of Service (DoS)? Upgrade | >=3.2.0 <4.8.3 |
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via How to fix Improper Verification of Cryptographic Signature? Upgrade | <4.7.3 |
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Denial of Service (DoS) in the How to fix Denial of Service (DoS)? Upgrade | >=2.3.0 <4.7.2 |
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible for NOTE: This vulnerability has also been identified as: CVE-2022-39384 How to fix Deserialization of Untrusted Data? Upgrade | >=3.2.0 <4.4.1 |
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible for NOTE: This vulnerability has also been identified as: CVE-2021-46320 How to fix Deserialization of Untrusted Data? Upgrade | >=3.2.0 <4.4.1 |
@openzeppelin/contracts is a library for contract development. Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. As a workaround, revoke the executor role from accounts not strictly under the team's control. It is recommended to revoke all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. How to fix Privilege Escalation? Upgrade | >=4.0.0-beta.0 <4.3.1<3.4.2 |