GHSA-9WXG-VF3R-56HC
Vulnerability from github – Published: 2026-06-19 17:45 – Updated: 2026-06-19 17:45Summary
The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline (\n or \r\n) in either field ends the comment, so the text after it is emitted as source rather than remaining inside the comment — allowing arbitrary declarations to be injected into the generated contract.
Impact
This only matters when these fields are filled from input other than the user who will use the generated contract. Normal self-service use does not meet that condition:
- Web app, AI assistant, and CLI: the user supplies these fields and uses their own output, so a line break only affects their own contract. (These fields are not URL-derived, so shared links cannot set them.)
- Self-hosted API: same — the end user supplies the options and consumes the result.
The case that matters is an integration that fills these fields from untrusted input — for example, an MCP agent whose tool arguments are derived from content it processed. There, a newline in the value can add lines to output that otherwise looks like normal Wizard source. Impact is integrity-only; there is no execution on any Wizard service.
Patches
Fixed by rejecting line terminators in setInfo — the single code path all surfaces use — so the value can no longer break out of the comment. Upgrade to the patched versions. @openzeppelin/wizard-confidential and @openzeppelin/wizard-uniswap-hooks reuse this setInfo through their @openzeppelin/wizard dependency and receive the fix once that dependency is updated to a patched version.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.10.10"
},
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/wizard"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.0"
},
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/wizard-cairo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.6.1"
},
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/wizard-stellar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.3.0"
},
"package": {
"ecosystem": "npm",
"name": "@openzeppelin/wizard-stylus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T17:45:15Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "## Summary\n\nThe Contracts Wizard generators printed `info.securityContact` and `info.license` verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline (`\\n` or `\\r\\n`) in either field ends the comment, so the text after it is emitted as source rather than remaining inside the comment \u2014 allowing arbitrary declarations to be injected into the generated contract.\n\n## Impact\n\nThis only matters when these fields are filled from input other than the user who will use the generated contract. Normal self-service use does not meet that condition:\n\n- **Web app, AI assistant, and CLI:** the user supplies these fields and uses their own output, so a line break only affects their own contract. (These fields are not URL-derived, so shared links cannot set them.)\n- **Self-hosted API:** same \u2014 the end user supplies the options and consumes the result.\n\nThe case that matters is an integration that fills these fields from untrusted input \u2014 for example, an MCP agent whose tool arguments are derived from content it processed. There, a newline in the value can add lines to output that otherwise looks like normal Wizard source. Impact is integrity-only; there is no execution on any Wizard service.\n\n## Patches\n\nFixed by rejecting line terminators in `setInfo` \u2014 the single code path all surfaces use \u2014 so the value can no longer break out of the comment. Upgrade to the patched versions. `@openzeppelin/wizard-confidential` and `@openzeppelin/wizard-uniswap-hooks` reuse this `setInfo` through their `@openzeppelin/wizard` dependency and receive the fix once that dependency is updated to a patched version.",
"id": "GHSA-9wxg-vf3r-56hc",
"modified": "2026-06-19T17:45:15Z",
"published": "2026-06-19T17:45:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenZeppelin/contracts-wizard/security/advisories/GHSA-9wxg-vf3r-56hc"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenZeppelin/contracts-wizard"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.