Source |
CVE List |
Identifier |
3651472 |
Publication date |
2021-11-12 18:15:07 (viewed: 2021-11-12 20:05:41) |
Title |
CVE-2021-41264 |
Text |
OpenZeppelin Contracts is a library for smart contract development. In affected versions, upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. Users unable to upgrade should initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301). |
Notes |
|
Sent |
Yes |