Описание
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 4.7.2 (исключая)Версия от 3.2.0 (включая) до 4.7.2 (исключая)Версия от 2.0.0 (включая)Версия от 2.0.0 (включая)
Одно из
cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:*
cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:*
cpe:2.3:a:openzeppelin:openzeppelin-eth:*:*:*:*:*:node.js:*:*
cpe:2.3:a:openzeppelin:openzeppelin-solidity:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 53%
0.00305
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-400
CWE-770
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
EPSS
Процентиль: 53%
0.00305
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-400
CWE-770