@openzeppelin/contracts is vulnerable to improper input validation. The vulnerability exists in the ERC165Checker function in ERC165Checker.sol and the ERC165CheckerUpgradeable function in ERC165CheckerUpgradeable.sol due to an incorrect assumption about abi.decode, which allows a malicious user to pass an invalid signature to the system and become authenticated.
blog.gitea.io/2022/05/gitea-1.16.7-is-released/
github.com/advisories/GHSA-qh9x-gcfh-pcrw
github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/5e9bccb282ee8f3c9c4abaccc74b40b9d34ccffa
github.com/OpenZeppelin/openzeppelin-contracts/commit/212de08e7f47b9836acca681ce0c9c6f91fe78aa
github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw