Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9pnw-9buy-5kab

Summary

OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
### Impact

This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirement, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement.

Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue.

### Patches

This issue has been patched in v4.7.2.

### Workarounds

Avoid lowering quorum requirements if a past proposal was defeated for lack of quorum.

### References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561

### For more information

If you have any questions or comments about this advisory, or need assistance deploying the fix, email us at [security@openzeppelin.com](mailto:security@openzeppelin.com).

Aliases

alias	CVE-2022-31198

alias	GHSA-xrc4-737v-9q75

Fixed_packages

url pkg:npm/%40openzeppelin/contracts@4.7.2

purl pkg:npm/%40openzeppelin/contracts@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.2

Affected_packages

url pkg:npm/%40openzeppelin/contracts@4.3.0

purl pkg:npm/%40openzeppelin/contracts@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

vulnerability	VCID-xpnm-mbrk-mugy

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.0

url pkg:npm/%40openzeppelin/contracts@4.3.1

purl pkg:npm/%40openzeppelin/contracts@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.1

url pkg:npm/%40openzeppelin/contracts@4.3.2

purl pkg:npm/%40openzeppelin/contracts@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.2

url pkg:npm/%40openzeppelin/contracts@4.3.3

purl pkg:npm/%40openzeppelin/contracts@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.3.3

url pkg:npm/%40openzeppelin/contracts@4.4.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.4.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.4.0-rc.1

purl pkg:npm/%40openzeppelin/contracts@4.4.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0-rc.1

url pkg:npm/%40openzeppelin/contracts@4.4.0

purl pkg:npm/%40openzeppelin/contracts@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-jwma-7k4s-5kgx

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-snry-t5m2-c3hn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.0

url pkg:npm/%40openzeppelin/contracts@4.4.1

purl pkg:npm/%40openzeppelin/contracts@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.1

url pkg:npm/%40openzeppelin/contracts@4.4.2

purl pkg:npm/%40openzeppelin/contracts@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.4.2

url pkg:npm/%40openzeppelin/contracts@4.5.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.5.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.5.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.5.0

purl pkg:npm/%40openzeppelin/contracts@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.5.0

url pkg:npm/%40openzeppelin/contracts@4.6.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.6.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.6.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.6.0

purl pkg:npm/%40openzeppelin/contracts@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.6.0

url pkg:npm/%40openzeppelin/contracts@4.7.0-rc.0

purl pkg:npm/%40openzeppelin/contracts@4.7.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.0-rc.0

url pkg:npm/%40openzeppelin/contracts@4.7.0

purl pkg:npm/%40openzeppelin/contracts@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.0

url pkg:npm/%40openzeppelin/contracts@4.7.1

purl pkg:npm/%40openzeppelin/contracts@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts@4.7.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nkwc-fgjc-kqbt

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-a5j2-t27s-afgq

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-u3xc-5csn-r3cn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pah6-6268-63ap

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.3

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.3.3

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0-rc.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0-rc.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.0-rc.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-e2yb-zuf8-6qbk

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.4.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.1

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.2

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.5.2

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.6.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.6.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0-rc.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0-rc.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.0-rc.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-dd7x-jkkf-gygv

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-qt6w-nqmu-57by

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.0

url pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.1

purl pkg:npm/%40openzeppelin/contracts-upgradeable@4.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-9pnw-9buy-5kab

vulnerability	VCID-hqyw-2vt2-tfcn

vulnerability	VCID-khsw-qwwk-cbhe

vulnerability	VCID-mshr-yc9h-jufk

vulnerability	VCID-n62w-34wv-rbdn

vulnerability	VCID-nz22-6jy1-x3bv

vulnerability	VCID-pxxa-n32x-4bcj

vulnerability	VCID-r1tt-p7t8-ufgh

vulnerability	VCID-rgdr-jxdc-hucn

vulnerability	VCID-wvaj-hpg7-jbag

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540openzeppelin/contracts-upgradeable@4.7.1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31198

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50375
published_at	2026-06-07T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50394
published_at	2026-06-06T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50386
published_at	2026-06-05T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50346
published_at	2026-06-08T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50325
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31198

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:48Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3561

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.2

reference_url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-xrc4-737v-9q75

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:52:48Z/

url

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-xrc4-737v-9q75

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-31198

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-31198

reference_url

https://github.com/advisories/GHSA-xrc4-737v-9q75

reference_id

GHSA-xrc4-737v-9q75

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrc4-737v-9q75

Weaknesses

cwe_id	682
name	Incorrect Calculation
description	The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pnw-9buy-5kab

Vulnerability Instance