High severityNVD Advisory· Published Feb 4, 2022· Updated Aug 4, 2024
CVE-2021-46320
CVE-2021-46320
Description
In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@openzeppelin/contractsnpm | < 4.4.1 | 4.4.1 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-88g8-f5mf-f5rjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-46320ghsaADVISORY
- github.com/OpenZeppelin/openzeppelin-contracts/pull/3006ghsaWEB
- github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.4.1ghsaWEB
- github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9c22-pwxw-p6hxghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.