PT-2021-24469 · Openzeppelin · Openzeppelin Contracts+1

Published 2021-11-15 · Updated 2021-11-15

Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: @openzeppelin/contracts versions prior to 4.3.3; @openzeppelin/contracts-upgradeable versions prior to 4.3.3
Description: The issue arises when ERC1155 tokens are minted and a callback is invoked on the receiver, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation. If a system relies on accurately reported supply, an attacker may be able to mint tokens and invoke that system after receiving the token balance but before the supply is updated.
Recommendations: For @openzeppelin/contracts versions prior to 4.3.3, update to version 4.3.3 to resolve the issue. For @openzeppelin/contracts-upgradeable versions prior to 4.3.3, update to version 4.3.3 to resolve the issue. As a temporary workaround, do not mint tokens to untrusted receivers if accurate supply is relevant.
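As an added illustration (this is not OpenZeppelin's own code nor part of the advisory), the ordering defect described above is shown next to the hook-based accounting that keeps supply consistent during the receiver callback; it assumes OpenZeppelin Contracts 4.x, and the contract names and the InvariantProbe test harness are constructed for this example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC1155/ERC1155.sol";
import "@openzeppelin/contracts/token/ERC1155/IERC1155Receiver.sol";
// Illustrative ordering bug (not OpenZeppelin's code): supply is counted AFTER
// _mint returns, but ERC1155._mint invokes onERC1155Received on a contract
// receiver first, so that callback sees the new balance and a stale totalSupply.
contract SupplyAfterMint is ERC1155 {
    mapping(uint256 => uint256) private _totalSupply;
    constructor() ERC1155("") {}
    function totalSupply(uint256 id) public view returns (uint256) { return _totalSupply[id]; }
    function mint(address to, uint256 id, uint256 amount) external { // no access control: demo only
        _mint(to, id, amount, "");   // receiver callback runs inside this call
        _totalSupply[id] += amount;  // too late: the callback already observed stale supply
    }
}
// Hardened form: count supply in _beforeTokenTransfer, which ERC1155 runs before balances
// change and before any receiver callback, so totalSupply(id) >= balanceOf(x, id) always holds.
contract SupplyBeforeMint is ERC1155 {
    mapping(uint256 => uint256) private _totalSupply;
    constructor() ERC1155("") {}
    function totalSupply(uint256 id) public view returns (uint256) { return _totalSupply[id]; }
    function mint(address to, uint256 id, uint256 amount) external { _mint(to, id, amount, ""); } // demo only
    function _beforeTokenTransfer(address op, address from, address to, uint256[] memory ids,
                                  uint256[] memory amounts, bytes memory data) internal override {
        super._beforeTokenTransfer(op, from, to, ids, amounts, data);
        for (uint256 i = 0; i < ids.length; ++i) {
            if (from == address(0)) _totalSupply[ids[i]] += amounts[i]; // mint
            if (to == address(0)) _totalSupply[ids[i]] -= amounts[i];   // burn
        }
    }
}
// Constructed test probe: a receiver that checks the invariant inside the callback.
// Minting to it from SupplyAfterMint reverts; from SupplyBeforeMint it succeeds.
interface ISupply { function totalSupply(uint256 id) external view returns (uint256); }
contract InvariantProbe is IERC1155Receiver {
    function onERC1155Received(address, address, uint256 id, uint256, bytes calldata)
        external view override returns (bytes4) {
        uint256 held = IERC1155(msg.sender).balanceOf(address(this), id); // already credited here
        require(ISupply(msg.sender).totalSupply(id) >= held, "supply lags balance during callback");
        return this.onERC1155Received.selector;
    }
    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata, bytes calldata)
        external pure override returns (bytes4) { return this.onERC1155BatchReceived.selector; }
    function supportsInterface(bytes4 iid) external pure override returns (bool) {
        return iid == type(IERC1155Receiver).interfaceId || iid == type(IERC165).interfaceId;
    }
}
```

The probe doubles as a regression check for a supply-extension contract: deploy it and mint to it under test, and any accounting that runs after the callback fails the require.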

Related Identifiers

GHSA-WMPV-C2JP-J2XG

Affected Products

@openzeppelin/contracts
@openzeppelin/contracts-upgradeable