Lucene search

K

Veracode Vulnerability DatabaseVERACODE:42756

HistoryAug 14, 2023 - 9:21 a.m.

Improper Encoding

2023-08-1409:21:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

vulnerability

openzeppelin/contracts

improper encoding

erc2771context

smart contracts

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

44.5%

openzeppelin/contracts is vulnerable to Improper Encoding. The vulnerability exists due to improperly validating ERC2771Context which allows an attacker to cause unintended behavior in smart contracts that rely on the sender’s accurate identification.

References

github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/1c13b8134f4216a1df353956ab8d8364c9882f7b

github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd

github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5

github.com/OpenZeppelin/openzeppelin-contracts/pull/4481

github.com/OpenZeppelin/openzeppelin-contracts/pull/4484

github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3

github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

44.5%

Related for VERACODE:42756

osv2 ubuntucve1 cvelist1 nvd1 prion1 cve1 github1