CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile: 44.5%
openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improper validation in ERC2771Context, which allows an attacker to cause unintended behavior in smart contracts that rely on accurate identification of the sender.
github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/1c13b8134f4216a1df353956ab8d8364c9882f7b
github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5
github.com/OpenZeppelin/openzeppelin-contracts/pull/4481
github.com/OpenZeppelin/openzeppelin-contracts/pull/4484
github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3
github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp