Description

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.

Remediation

References

https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9j3m-g383-29qr

Related Vulnerabilities

CVE-2022-41934 Vulnerability in maven package org.xwiki.platform:xwiki-platform-menu-ui

CVE-2017-5858 Vulnerability in npm package converse.js

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-standalone-server

CVE-2007-5333 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2019-10746 Vulnerability in maven package org.webjars.npm:mixin-deep

Severity

Medium

Classification

CWE-669 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Patch Third Party Advisory