Home > Vulnerability Database > CVE-2022-35916

Mend.io Vulnerability Database

CVE-2022-35916

Good to know:

Date: August 1, 2022

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.

Language: JS

Severity Score

5.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35916

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9j3m-g383-29qr

Url: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3578

Url: https://www.mend.io/vulnerability-database/CVE-2022-35916

Severity Score

5.3

Weakness Type (CWE)

Incorrect Resource Transfer Between Spheres

CWE-669

Top Fix

Upgrade Version

Upgrade to version @openzeppelin/contracts-upgradeable - 4.7.2, @openzeppelin/contracts - 4.7.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35916

Good to know:

Date: August 1, 2022

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?