{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:12:04.598","vulnerabilities":[{"cve":{"id":"CVE-2024-27094","sourceIdentifier":"security-advisories@github.com","published":"2024-03-21T02:52:18.063","lastModified":"2025-12-04T20:13:27.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6."},{"lang":"es","value":"OpenZeppelin Contracts es una librería para el desarrollo seguro de contratos inteligentes. La función `Base64.encode` codifica una entrada de `bytes` iterándola en fragmentos de 3 bytes. Cuando esta entrada no es múltiplo de 3, la última iteración puede leer partes de la memoria que están más allá del búfer de entrada. La vulnerabilidad se solucionó en 5.0.2 y 4.9.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.5.0","versionEndExcluding":"4.9.6","matchCriteriaId":"AFE4954A-1F77-4EAD-85B6-4FA68BA03719"},{"vulnerable":true,"criteria":"cpe:2.3:a:openzeppelin:contracts:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"2193380A-ABB6-42C3-8AE6-6A13D7B007E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.5.0","versionEndIncluding":"4.9.6","matchCriteriaId":"D1D3D69D-791D-4AA2-B751-A6300854BCCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:openzeppelin:contracts_upgradeable:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"972AD148-5CC7-48ED-AA55-CBB1149BAF23"}]}]}],"references":[{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}