How severe is CVE-2023-40014?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-40014?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2023-40014 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.

Related Vulnerabilities

CVE-2018-20586

MEDIUM

CVSS:5.3(Medium)

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

CWE-1162018

CVE-2019-11717

MEDIUM

CVSS:5.3(Medium)

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulne...

CWE-1162019

CVE-2019-15944

MEDIUM

CVSS:5.3(Medium)

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.

CWE-1162019

CVE-2019-19714

MEDIUM

CVSS:5.3(Medium)

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

CWE-1162019

CVE-2019-3571

MEDIUM

CVSS:5.3(Medium)

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

CWE-1162019

CVE-2020-24592

MEDIUM

CVSS:5.3(Medium)

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

CWE-1162020