Authorization Bypass

2022-11-0906:05:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

openzeppelin contracts

authentication bypass

vulnerability

initializer modifier

handling

reentrancy

external call

untrusted address

EPSS

0.001

Percentile

49.9%

JSON

OpenZeppelin Contracts is vulnerable to authentication bypass. The vulnerability exists because initializer modifier is not properly handled which allows an attacker to cause reentrancy by executing an external call to an untrusted address.

References

github.com/OpenZeppelin/openzeppelin-contracts/commit/553c8fdec708ea10dd5f4a2977364af7a562566f

github.com/OpenZeppelin/openzeppelin-contracts/pull/3006

github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9c22-pwxw-p6hx

EPSS

0.001

Percentile

49.9%

JSON

Related for VERACODE:37851