Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.1
Type npm
Namespace @openzeppelin
Name contracts-upgradeable
Version 4.9.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.9.6
Latest_non_vulnerable_version 5.4.0
Affected_by_vulnerabilities
0
url VCID-n62w-34wv-rbdn
vulnerability_id VCID-n62w-34wv-rbdn
summary
Improper Encoding or Escaping of Output
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common; in particular, it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40014
reference_id
reference_type
scores
0
value 0.00612
scoring_system epss
scoring_elements 0.70252
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40014
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.9.3/CHANGELOG.md
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/9445f96223041abf2bf08daa56f8da50b674cbcd
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/e4435eed757d4309436b1e06608e97b6d6e2fdb5
5
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4481
6
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/pull/4484
7
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40014
reference_id CVE-2023-40014
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40014
9
reference_url https://github.com/advisories/GHSA-g4vp-m682-qqmp
reference_id GHSA-g4vp-m682-qqmp
reference_type
scores
url https://github.com/advisories/GHSA-g4vp-m682-qqmp
10
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp
reference_id GHSA-g4vp-m682-qqmp
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:57:45Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-g4vp-m682-qqmp
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.3
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wvaj-hpg7-jbag
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.3
aliases CVE-2023-40014, GHSA-g4vp-m682-qqmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n62w-34wv-rbdn
1
url VCID-rgdr-jxdc-hucn
vulnerability_id VCID-rgdr-jxdc-hucn
summary
Improper Validation of Integrity Check Value
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the `verifyMultiProof`, `verifyMultiProofCalldata`, `processMultiProof`, or `processMultiProofCalldata` functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves.

A contract may be vulnerable if it uses multiproofs for verification and the merkle tree that is processed includes a node with value 0 at depth 1 (just under the root). This could happen inadvertently for balanced trees with 3 leaves or less, if the leaves are not hashed. This could happen deliberately if a malicious tree builder includes such a node in the tree.

A contract is not vulnerable if it uses single-leaf proving (`verify`, `verifyCalldata`, `processProof`, or `processProofCalldata`), or if it uses multiproofs with a known tree that has hashed leaves. Standard merkle trees produced or validated with the @openzeppelin/merkle-tree library are safe.

The problem has been patched in version 4.9.2.

Some workarounds are available. For those using multiproofs: when constructing merkle trees, hash the leaves and do not insert empty nodes in your trees. Using the @openzeppelin/merkle-tree package eliminates this issue. Do not accept user-provided merkle roots without reconstructing at least the first level of the tree. Verify the merkle tree structure by reconstructing it from the leaves.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34459
reference_id
reference_type
scores
0
value 0.00863
scoring_system epss
scoring_elements 0.75472
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34459
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/4d2383e17186be3e8ccf5a442e9686ecc7de1c55
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:35:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/4d2383e17186be3e8ccf5a442e9686ecc7de1c55
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:35:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34459
reference_id CVE-2023-34459
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34459
5
reference_url https://github.com/advisories/GHSA-wprv-93r4-jj2p
reference_id GHSA-wprv-93r4-jj2p
reference_type
scores
url https://github.com/advisories/GHSA-wprv-93r4-jj2p
6
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wprv-93r4-jj2p
reference_id GHSA-wprv-93r4-jj2p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-16T18:35:10Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-wprv-93r4-jj2p
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.2
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n62w-34wv-rbdn
1
vulnerability VCID-wvaj-hpg7-jbag
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.2
aliases CVE-2023-34459, GHSA-wprv-93r4-jj2p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgdr-jxdc-hucn
2
url VCID-wvaj-hpg7-jbag
vulnerability_id VCID-wvaj-hpg7-jbag
summary
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer.

Although the `encode` function pads the output for these cases, up to 4 bits of data are kept between the encoding and padding, corrupting the output if these bits were dirty (i.e. memory after the input is not 0). These conditions are more frequent in the following scenarios:

- A `bytes memory` struct is allocated just after the input and the first bytes of it are non-zero.
- The memory pointer is set to a non-empty memory location before allocating the input.

Developers should evaluate whether the extra bits can be maliciously manipulated by an attacker.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27094
reference_id
reference_type
scores
0
value 0.00564
scoring_system epss
scoring_elements 0.68786
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27094
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:52Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:52Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:52Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854
5
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:52Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27094
reference_id CVE-2024-27094
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27094
7
reference_url https://github.com/advisories/GHSA-9vx6-7xxf-x967
reference_id GHSA-9vx6-7xxf-x967
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9vx6-7xxf-x967
8
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967
reference_id GHSA-9vx6-7xxf-x967
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-02T19:34:52Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.6
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.6
1
url pkg:npm/%40openzeppelin/contracts-upgradeable@5.0.2
purl pkg:npm/%40openzeppelin/contracts-upgradeable@5.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@5.0.2
aliases CVE-2024-27094, GHSA-9vx6-7xxf-x967
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wvaj-hpg7-jbag
Fixing_vulnerabilities
0
url VCID-mshr-yc9h-jufk
vulnerability_id VCID-mshr-yc9h-jufk
summary
Generation of Predictable Numbers or Identifiers
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34234
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28689
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34234
1
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts
2
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a57
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T20:13:05Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d9474327a492f9f310f31bc53f38dbea56ed9a57
3
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.9.1
4
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/66f390fa516b550838e2c2f65132b5bc2afe1ced
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/66f390fa516b550838e2c2f65132b5bc2afe1ced
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34234
reference_id CVE-2023-34234
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34234
6
reference_url https://github.com/advisories/GHSA-5h3x-9wvq-w4m2
reference_id GHSA-5h3x-9wvq-w4m2
reference_type
scores
url https://github.com/advisories/GHSA-5h3x-9wvq-w4m2
7
reference_url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m2
reference_id GHSA-5h3x-9wvq-w4m2
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T20:13:05Z/
url https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-5h3x-9wvq-w4m2
fixed_packages
0
url pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.1
purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n62w-34wv-rbdn
1
vulnerability VCID-rgdr-jxdc-hucn
2
vulnerability VCID-wvaj-hpg7-jbag
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.1
aliases CVE-2023-34234, GHSA-5h3x-9wvq-w4m2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mshr-yc9h-jufk
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.9.1