OpenZeppelin contracts are vulnerable to authorization bypass. The vulnerability is due to the functions ECDSA.recover and ECDSA.tryRecover accepting both EIP-2098 and 65-byte signatures. Affected contracts are those that implement signature reuse or replay protection by marking the signature as used rather than the signed message. An attacker can bypass this protection by submitting a reused signature.
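The following Python model is an added example, not OpenZeppelin's code. It shows why a replay guard keyed on the raw signature bytes fails when both encodings decode to the same (r, s, v), and why keying on the signed message digest holds. ReplayGuard, parse_signature, replay_results and the sample values are assumptions made for illustration, and signer recovery is left out.

```python
# Model of the replay-guard pattern only; ECDSA signer recovery is out of scope.
MASK_255 = (1 << 255) - 1

def parse_signature(sig: bytes) -> tuple:
    """Decode a 65-byte (r||s||v) or EIP-2098 64-byte (r||yParityAndS) signature."""
    r = int.from_bytes(sig[:32], "big")
    if len(sig) == 65:
        s, v = int.from_bytes(sig[32:64], "big"), sig[64]
    elif len(sig) == 64:
        vs = int.from_bytes(sig[32:64], "big")
        s, v = vs & MASK_255, 27 + (vs >> 255)  # top bit of the second word is yParity
    else:
        raise ValueError("unsupported signature length")
    if v not in (27, 28):
        raise ValueError("invalid v")
    return r, s, v

class ReplayGuard:
    """key_on_message=False marks the signature as used; True marks the message."""
    def __init__(self, key_on_message: bool):
        self.key_on_message = key_on_message
        self.used = set()  # a contract would typically use a mapping keyed by a hash

    def accept(self, digest: bytes, sig: bytes) -> bool:
        parse_signature(sig)  # both lengths decode, as with the affected functions
        key = digest if self.key_on_message else sig
        if key in self.used:
            return False  # replay rejected
        self.used.add(key)
        return True

# Constructed sample values (not a real signature or message hash).
R = bytes([0x11]) * 32
S = bytes([0x22]) * 32
SIG_65 = R + S + bytes([28])                 # 65-byte form, v = 28
SIG_2098 = R + bytes([0x22 | 0x80]) + S[1:]  # same r, s, v in EIP-2098 form
DIGEST = bytes([0xAB]) * 32

def replay_results(key_on_message: bool) -> list:
    """Submit the same signed message twice, once per encoding."""
    guard = ReplayGuard(key_on_message)
    return [guard.accept(DIGEST, SIG_65), guard.accept(DIGEST, SIG_2098)]

if __name__ == "__main__":
    print("signature-keyed:", replay_results(False))
    print("message-keyed:  ", replay_results(True))
```
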