Openzeppelin: >> Contracts Upgradeable >> 5.0.1 Security Vulnerabilities
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.
CVSS Score
6.5
EPSS Score
0.006
Published
2024-03-21