3 matches found
EUVD-2022-0912
Malicious code in bioql PyPI...
Attacker can steal money from the initializer function
Lines of code Vulnerability details Impact You're using an old OpenZeppelin version which the initializer function is vulnerable to, and an attacker can call it twice after it’s been initialized, and since it approves max tokens to those contracts. Which then after its first initialization the attacker...
@avalabs/avalanche-wallet-sdk (>=0.3.0 <=0.9.4), @b0dhidharma/contract-utils (=0.1.1) +62 more potentially affected by CVE-2021-41264 via @openzeppelin/contracts (>=4.1.0 <=4.3.1)
@openzeppelin/contracts NPM version =4.1.0, =0.3.0, =0.0.2, =1.0.0, =1.1.0, =2.0.0, =0.1.1, =0.0.1, =3.0.0-alpha.2, =3.0.0-alpha.1, =3.0.0-alpha.1, =3.0.0-alpha.1, =0.0.0-863d96e4, =0.0.23-canary and more Source cves: CVE-2021-41264 Source advisory: OSV:GHSA-5VP3-V4HC-GX76...