Veracode Vulnerability DatabaseVERACODE:36434Authentication Bypass
0.001 Low
EPSS
Percentile
26.9%
@openzeppelin/contractsvulnerable to improper input validation. The vulnerability exists in the ERC165Checker function in ERC165Checker.sol and ERC165CheckerUpgradeable function in ERC165CheckerUpgradeable.sol due to the incorrect assumption about abi.decode which allows a malicious user to pass an invalid signature to the system and become authenticated.
References
blog.gitea.io/2022/05/gitea-1.16.7-is-released/
github.com/advisories/GHSA-qh9x-gcfh-pcrw
github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/5e9bccb282ee8f3c9c4abaccc74b40b9d34ccffa
github.com/OpenZeppelin/openzeppelin-contracts/commit/212de08e7f47b9836acca681ce0c9c6f91fe78aa
github.com/OpenZeppelin/openzeppelin-contracts/pull/3552
github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-qh9x-gcfh-pcrw
Related
