Vulnerability Report: GO-2023-1881
- GHSA-w5w5-2882-47pc
- Affects: github.com/cosmos/cosmos-sdk
- Published: Jul 06, 2023
- Modified: Dec 14, 2023
If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is not charged. No patch will be released, as the package is planned to be deprecated and replaced.
For detailed information about this vulnerability, visit https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc.
Affected Packages
-
PathVersionsSymbols
-
all versions, no known fixedall symbols
Aliases
References
- https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc
- https://github.com/cosmos/cosmos-sdk/issues/15706
- https://vuln.go.dev/ID/GO-2023-1881.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.