PyPI package
openzeppelin-cairo-contracts
pkg:pypi/openzeppelin-cairo-contracts
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-23940 | — | >= 0.2.0, < 0.6.1 | 0.6.1 | Feb 3, 2023 | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_ | ||
| CVE-2022-31153 | — | < 0.2.1 | 0.2.1 | Jul 15, 2022 | OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum |
- CVE-2023-23940Feb 3, 2023affected >= 0.2.0, < 0.6.1fixed 0.6.1
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_
- CVE-2022-31153Jul 15, 2022affected < 0.2.1fixed 0.2.1
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum