Vulnerability Report: GO-2023-1881

GHSA-w5w5-2882-47pc
Affects: github.com/cosmos/cosmos-sdk
Published: Jul 06, 2023
Modified: May 20, 2024

If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is not charged. No patch will be released, as the package is planned to be deprecated and replaced.

For detailed information about this vulnerability, visit https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc.

Affected Packages

Path

Go Versions

Symbols
github.com/cosmos/cosmos-sdk/x/crisis

all versions, no known fixed

all symbols

Aliases

GHSA-w5w5-2882-47pc

References

https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc
https://github.com/cosmos/cosmos-sdk/issues/15706
https://vuln.go.dev/ID/GO-2023-1881.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL