Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hqyw-2vt2-tfcn

Summary

OpenZeppelin Contracts vulnerable to ECDSA signature malleability
### Impact

The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments.

The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection.

### Patches

The issue has been patched in 4.7.3.


### For more information

If you have any questions or comments about this advisory, or need assistance deploying a fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).

Aliases

alias	CVE-2022-35961

alias	GHSA-4h98-2769-gh6h

Fixed_packages

url pkg:npm/%40openzeppelin/contracts@4.7.3

purl pkg:npm/%40openzeppelin/contracts@4.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.3

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.3

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.3

Affected_packages

url pkg:npm/%40openzeppelin/contracts@4.1.0

purl pkg:npm/%40openzeppelin/contracts@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.1.0

url pkg:npm/%40openzeppelin/contracts@4.2.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.2.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.2.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.2.0

purl pkg:npm/%40openzeppelin/contracts@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.2.0

url pkg:npm/%40openzeppelin/contracts@4.3.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.3.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.3.0

purl pkg:npm/%40openzeppelin/contracts@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.0

url pkg:npm/%40openzeppelin/contracts@4.3.1

purl pkg:npm/%40openzeppelin/contracts@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.1

url pkg:npm/%40openzeppelin/contracts@4.3.2

purl pkg:npm/%40openzeppelin/contracts@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.2

url pkg:npm/%40openzeppelin/contracts@4.3.3

purl pkg:npm/%40openzeppelin/contracts@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.3

url pkg:npm/%40openzeppelin/contracts@4.4.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.4.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.4.0-rc.1

purl pkg:npm/%40openzeppelin/contracts@4.4.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0-rc.1

url pkg:npm/%40openzeppelin/contracts@4.4.0

purl pkg:npm/%40openzeppelin/contracts@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0

url pkg:npm/%40openzeppelin/contracts@4.4.1

purl pkg:npm/%40openzeppelin/contracts@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.1

url pkg:npm/%40openzeppelin/contracts@4.4.2

purl pkg:npm/%40openzeppelin/contracts@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.2

url pkg:npm/%40openzeppelin/contracts@4.5.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.5.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.5.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.5.0

purl pkg:npm/%40openzeppelin/contracts@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.5.0

url pkg:npm/%40openzeppelin/contracts@4.6.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.6.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.6.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.6.0

purl pkg:npm/%40openzeppelin/contracts@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.6.0

url pkg:npm/%40openzeppelin/contracts@4.7.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.7.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.7.0

purl pkg:npm/%40openzeppelin/contracts@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.0

url pkg:npm/%40openzeppelin/contracts@4.7.1

purl pkg:npm/%40openzeppelin/contracts@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.1

url pkg:npm/%40openzeppelin/contracts@4.7.2

purl pkg:npm/%40openzeppelin/contracts@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.1.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c19-crxp-93fh

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.1.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.2.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c19-crxp-93fh

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.2.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4c19-crxp-93fh

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.3

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.3

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0-rc.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.0-rc.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.6.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.6.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35961

reference_id

reference_type

scores

value	0.00164
scoring_system	epss
scoring_elements	0.37109
published_at	2026-06-04T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37174
published_at	2026-06-07T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.37207
published_at	2026-06-06T12:55:00Z

value	0.00164
scoring_system	epss
scoring_elements	0.372
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35961

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d693d89d99325f395182e4f547dbf5ff8e5c3c87

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts/commit/d693d89d99325f395182e4f547dbf5ff8e5c3c87

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:53Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:53Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:53Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-35961

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-35961

reference_url

https://github.com/advisories/GHSA-4h98-2769-gh6h

reference_id

GHSA-4h98-2769-gh6h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4h98-2769-gh6h

Weaknesses

cwe_id	354
name	Improper Validation of Integrity Check Value
description	The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqyw-2vt2-tfcn

Vulnerability Instance