CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39167 – TimelockController vulnerability in OpenZeppelin Contracts
https://notcve.org/view.php?id=CVE-2021-39167
26 Aug 2021 — OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. • https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39168 – TimelockController vulnerability in OpenZeppelin Contracts
https://notcve.org/view.php?id=CVE-2021-39168
26 Aug 2021 — OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. • https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8 • CWE-269: Improper Privilege Management •