ThirdWeb factory contracts have been compromised, anyone know what open source library they're referring to? Is it OpenZeppelin?

Title.

https://blog.thirdweb.com/security-vulnerability/

They discovered it Nov. 21st, they claim it hasn't been exploited on any of their contracts. It impacts basically all of their factory contracts before Nov. 21st and they're having partners basically lock the contract, snapshot, and create a new contract, then airdrop tokens to all the token owners on the snapshot. From what I can gather a bad actor can utilize transfer functions on the vulnerable contract.

They mention a popular opensource library and looking at the code the only one that jumps out is OpenZepplin (I'm not an engineer FYI so I could 100% be wrong)

Does anyone know any further information about this?

​