7 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-1907

Malicious code in bioql PyPI...

CVSS 5.9, AI score 5.9, EPSS 0.00371
Exploits: 0, References: 5

Veracode
added 2023/06/26 7:28 a.m., 18 views

Improper Input Validation

@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to Improper Input Validation. If a contract uses multiproofs for verification and the merkle tree processing includes a node with value 0 at depth 1, then the contract may be insecure. Balanced trees with three or fewe...

CVSS 5.9, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2023/06/19 7:46 p.m., 81 views

GHSA-WPRV-93R4-JJ2P OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

Impact: When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...

CVSS 5.3, AI score 5.3, EPSS 0.00371
Exploits: 0, References: 5

Github Security Blog
added 2023/06/19 7:46 p.m., 37 views

OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

Impact: When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...

CVSS 5.9, AI score 6.7, EPSS 0.00371
Exploits: 0, References: 5, Affected Software: 2

Vulnrichment
added 2023/06/16 10:13 p.m., 15 views

CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that...

CVSS 5.3, AI score 6.9, EPSS 0.00371
Exploits: 0, References: 3

CVE
added 2023/06/16 10:13 p.m., 93 views

CVE-2023-34459

OpenZeppelin Contracts (versions 4.7.0–4.9.1) are affected by a multiproof forgery issue when using verifyMultiProof/verifyMultiProofCalldata/processMultiProof/processMultiProofCalldata. If the merkle tree includes a node with value 0 at depth 1 under the root, an adversarial or certain benign tre...

CVSS 5.9, AI score 5.3, EPSS 0.00371
Exploits: 0, References: 3, Affected Software: 2

OSV
added 2023/06/16 10:13 p.m., 33 views

CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees

OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that...

CVSS 5.3, AI score 5.7, EPSS 0.00371
Exploits: 0, References: 5