14 matches found
EUVD-2022-28794
Malicious code in bioql PyPI...
OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
Impact This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals ma...
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Impact The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. Patches The issue has been fixed in v4.7.2. References...
CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...
CVE-2022-35916
OpenZeppelin Contracts vulnerability CVE-2022-35916 affects cross-chain utilities for Arbitrum L2, specifically CrossChainEnabledArbitrumL2 and LibArbitrumL2. The issue classifies direct interactions of EOAs as cross-chain calls, even when not initiated on L1, due to how cross-chain interactions ...
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-23869
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...
Cross site request forgery (csrf)
In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request...
Input validation
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-23869
In RuoYi v4.7.2 WebUI, there is a privilege-check bypass in password reset: user test1 cannot reset test3’s password per permissions, yet the /system/user/resetPwd endpoint can reset test3’s password, enabling unauthorized password-reset actions.
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-23868
CVE-2022-23868 affects RuoYi v4.7.2 via the ruoyi-admin interface, describing a CSV injection vulnerability when a victim opens an .xlsx log file. The connected Red Hat entry corroborates the same product/version. CVSS‑3.1 base score is 7.8 (HIGH) with LOCAL attack, user interaction required, and...