GMS-2021-27: UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable

September 15, 2021

Upgradeable contracts using UUPSUpgradeable may be vulnerable to an attack affecting uninitialized implementation contracts. We will update this advisory with more information soon.

References

github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-q4h9-46xg-m3x9
github.com/advisories/GHSA-q4h9-46xg-m3x9

Code Behaviors & Features

Detect and mitigate GMS-2021-27 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →