11 matches found
EUVD-2023-2289
Malicious code in bioql PyPI...
Improper Encoding
openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating ERC2771Context which allows an attacker to cause unintended behavior in smart contracts that rely on the sender's accurate identification...
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata...
GHSA-G4VP-M682-QQMP OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata...
CVE-2023-40014
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...
CVE-2023-40014
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...
CVE-2023-40014
OpenZeppelin Contracts (v4.0.0–v4.9.3) is vulnerable to an issue in ERC2771Context used with a custom trusted forwarder, where _msgSender may evaluate to address(0) for calls from the forwarder with calldata shorter than 20 bytes. The problem is not common for MinimalForwarder, as signer addresse...
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0 in calls that originate from the forwarder with calldata shorter...
PT-2023-27209 · Openzeppelin · Openzeppelin Contracts
Name of the Vulnerable Software and Affected Versions: OpenZeppelin Contracts versions 4.0.0 through 4.9.3 Description: OpenZeppelin Contracts is a library for secure smart contract development. Contracts using ERC2771Context along with a custom trusted forwarder may see msgSender return address0...