How severe is CVE-2022-31198?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-31198?

This is classified as CWE-682, which is a common weakness in software security.

CVE-2022-31198 - HIGH Severity | CVSS 7.5

Vulnerability Description

OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum.

Related Vulnerabilities

CVE-2017-0819

HIGH

CVSS:7.5(High)

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.

CWE-6822017

CVE-2018-14439

HIGH

CVSS:7.5(High)

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency t...

CWE-6822018

CVE-2018-18225

HIGH

CVSS:7.5(High)

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.

CWE-6822018

CVE-2018-20999

HIGH

CVSS:7.5(High)

An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.

CWE-6822018

CVE-2019-17514

HIGH

CVSS:7.5(High)

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: ...

CWE-6822019

CVE-2020-26240

HIGH

CVSS:7.5(High)

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate P...

CWE-6822020