cvedb.io
CVE-2022-35916
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-08-01T21:15:13.753 · Last modified 2026-06-17T04:52:30.877

Summary

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue.

Affected products

openzeppelin — contracts

Does this affect you?

Add your gear to cvedb and we'll alert you only when openzeppelin ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.