4 matches found
CVE-2022-31170
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...
4337-snap (>=0.1.0 <=0.1.1), @0xabcdefg/smart-order-router (>=1.0.0 <=1.0.5) +1270 more potentially affected by CVE-2022-31170 via @openzeppelin/contracts (>=4.0.0 <=4.7.0)
@openzeppelin/contracts NPM version =4.0.0, =0.1.0, =1.0.0, =1.0.0, =3.24.7, =1.7.2, =1.0.0, =0.2.0, =4.14.3, =1.0.2, =4.0.0, =4.0.1, =2.0.0, =3.1.0 and more Source cves: CVE-2022-31170 Source advisory: OSV:GHSA-QH9X-GCFH-PCRW...
@abacus-network/helloworld (>=0.2.1-alpha <=0.2.1-beta2), @alt-research/orbit-sdk-avail (>=0.9.1 <=0.9.11) +108 more potentially affected by CVE-2022-31170 via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.7.0)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.2.1-alpha, =0.9.1, =0.19.0-beta.0, =0.1.0-alpha, =0.24.2, =1.0.0, =0.6.0, =1.1.4-migration-beta.0, =1.0.0-beta.0, =1.0.0-upstream-0.19.0, =1.4.0, =1.5.0-beta.0 and more Source cves: CVE-2022-31170 Source advisory: OSV:GHSA-QH9X-GCFH-PCRW...
CVE-2022-31170 OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...