OpenZeppelin/openzeppelin-contracts-upgradeable

Releases150

Frequency3 weeks 1 day

Last Release 3 months ago

Stars1.17K

Upgradeable variant of OpenZeppelin Contracts, meant for use in upgradeable contracts.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-27094 ↗	Mar 21, 2024Thursday, 21 March 2024, 02:52	6.5 MEDIUM	—
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.