CVE-2022-35916

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-35916
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35916.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-35916
Aliases
Related
Published
2022-08-01T21:15:13Z
Modified
2024-11-21T07:11:57Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

OpenZeppelin Contracts is a library for secure smart contract development. Contracts that use the cross-chain utilities for Arbitrum L2 (CrossChainEnabledArbitrumL2 or LibArbitrumL2) classify direct interactions from externally owned accounts (EOAs) as cross-chain calls, even though those interactions are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/openzeppelin/openzeppelin-contracts

Affected ranges

Type
GIT
Repo
https://github.com/openzeppelin/openzeppelin-contracts
Events
Type
GIT
Repo
https://github.com/openzeppelin/openzeppelin-contracts-upgradeable
Events