4 matches found
CVE-2023-49798
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are...
@offchainlabs/l1-l3-teleport-contracts (>=0.1.0-alpha.1 <=1.0.1) potentially affected by CVE-2023-49798 via @openzeppelin/contracts (=4.9.4)
@openzeppelin/contracts NPM version =4.9.4 is affected by a known vulnerability. The following packages have a transitive dependency on @openzeppelin/contracts and may be impacted: - @offchainlabs/l1-l3-teleport-contracts =0.1.0-alpha.1, =1.0.1 Source cves: CVE-2023-49798 Source advisory:...
CVE-2023-49798
OpenZeppelin Contracts’ CVE-2023-49798 relates to a merge-conflict error in the Multicall.sol implementation that caused all subcalls to be executed twice in versions @openzeppelin/[email protected] and @openzeppelin/[email protected]. This duplication could lead to unintended duplicate o...
CVE-2023-49798 Duplicated execution of subcalls in OpenZeppelin Contracts
OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of Multicall.sol released in @openzeppelin/[email protected] and @openzeppelin/[email protected], all subcalls are...