logo

Database

Insufficient data authenticity validation In @openzeppelin/contracts

Description

Improper Verification of Cryptographic Signature

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-239402. NVD-2023-239403. OSV-2023-239404. GHSA-626q-v9j4-mcp45. GCVE-2023-239406. GHSA-626q-v9j4-mcp4

References

1. https://github.com/OpenZeppelin/cairo-contracts/pull/542/commits/6d4cb750478fca2fd916f73297632f899aca92992. https://github.com/OpenZeppelin/cairo-contracts/security/advisories/GHSA-626q-v9j4-mcp43. https://github.com/pypa/advisory-database/tree/main/vulns/openzeppelin-cairo-contracts/PYSEC-2023-39.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.