Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40openzeppelin/contracts-upgradeable@4.0.0
Typenpm
Namespace@openzeppelin
Namecontracts-upgradeable
Version4.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.3.1
Latest_non_vulnerable_version5.4.0
Affected_by_vulnerabilities
0
url VCID-4c19-crxp-93fh
vulnerability_id VCID-4c19-crxp-93fh
summary 
Inconsistent storage layout for ERC2771ContextUpgradeable
The storage layout of the ERC2771ContextUpgradeable is not constant
references
0
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
1
reference_url https://github.com/OpenZeppelin/openzeppelin-transpiler/pull/86
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-transpiler/pull/86
2
reference_url https://github.com/advisories/GHSA-7j52-6fjp-58gr
reference_id GHSA-7j52-6fjp-58gr
reference_type
scores
url https://github.com/advisories/GHSA-7j52-6fjp-58gr
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-7j52-6fjp-58gr
reference_id GHSA-7j52-6fjp-58gr
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-7j52-6fjp-58gr
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e2yb-zuf8-6qbk
1
vulnerability VCID-mshr-yc9h-jufk
2
vulnerability VCID-r1tt-p7t8-ufgh
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.0
aliases GHSA-7j52-6fjp-58gr, GMS-2022-450
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4c19-crxp-93fh
1
url VCID-n62w-34wv-rbdn
vulnerability_id VCID-n62w-34wv-rbdn
summary 
Improper Encoding or Escaping of Output
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.
references
0
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481
5
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484
6
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40014
reference_id CVE-2023-40014
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40014
8
reference_url https://github.com/advisories/GHSA-g4vp-m682-qqmp
reference_id GHSA-g4vp-m682-qqmp
reference_type
scores
url https://github.com/advisories/GHSA-g4vp-m682-qqmp
9
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp
reference_id GHSA-g4vp-m682-qqmp
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.3
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.3
aliases CVE-2023-40014, GHSA-g4vp-m682-qqmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n62w-34wv-rbdn
2
url VCID-nkwc-fgjc-kqbt
vulnerability_id VCID-nkwc-fgjc-kqbt
summary 
Improper Privilege Management
OpenZepplin is a library for smart contract development. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39168
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.6364
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39168
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeabl
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeabl
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39168
reference_id CVE-2021-39168
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39168
5
reference_url https://github.com/advisories/GHSA-vrw4-w73r-6mm8
reference_id GHSA-vrw4-w73r-6mm8
reference_type
scores
url https://github.com/advisories/GHSA-vrw4-w73r-6mm8
6
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8
reference_id GHSA-vrw4-w73r-6mm8
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.1
aliases CVE-2021-39168, GHSA-vrw4-w73r-6mm8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nkwc-fgjc-kqbt
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.0.0