Vulnerability Report: GO-2023-1821

GHSA-qfc5-6r3j-jj22
Affects: github.com/cosmos/cosmos-sdk
Published: Jul 05, 2023

If an invariant check fails on a Cosmos SDK network, and a transaction is sent to the x/crisis package to halt the chain, the chain does not halt as originally intended. No patch will be released, as the package is planned to be deprecated and replaced.

For detailed information about this vulnerability, visit https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-qfc5-6r3j-jj22.

Affected Packages

Path

Versions

Symbols
github.com/cosmos/cosmos-sdk/x/crisis

all versions, no known fixed

all symbols

Aliases

GHSA-qfc5-6r3j-jj22

References

https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-qfc5-6r3j-jj22
https://github.com/cosmos/cosmos-sdk/issues/15325
https://github.com/cosmos/cosmos-sdk/issues/15706
https://vuln.go.dev/ID/GO-2023-1821.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL