Shared-library version with known-vuln status

Fluid's assessment for RD-F-135 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

OZ 4.8.2: GHSA-878m-3g6q-594q (CVE-2023-26488) is patched IN 4.8.2, not a vulnerability. GHSA-5vp3-v4hc-gx76 (UUPS Critical) fixed in 4.3.2 — 4.8.2 is safe. TimelockController advisory does not apply (protocol uses AdminModule not OZ TimelockController). No active high/critical advisory for OZ 4.8.2 in this codebase.

Sources #

URL
OZ CVE-2023-26488 AdvisoryGHSA-878m-3g6q-594q — patched IN 4.8.2retrieved 2026-04-29
URL
OZ UUPS AdvisoryGHSA-5vp3-v4hc-gx76 — fixed in 4.3.2; 4.8.2 saferetrieved 2026-04-29

Methodology #

Identify the version of key shared libraries (OZ, Solady, Solmate) used and check against CVE/GHSA databases for any active advisory.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol fluid factor RD-F-135 score green collected_at 2026-04-29 10:35:01