GHSA-6447-269v-g68m: Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

May 6, 2026

Note: the fixed version of the validator client has been deployed for some time.

References

github.com/advisories/GHSA-6447-269v-g68m
github.com/mezo-org/mezod
github.com/mezo-org/mezod/security/advisories/GHSA-6447-269v-g68m

Code Behaviors & Features

Detect and mitigate GHSA-6447-269v-g68m with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →