GO-2023-1821

Source
https://pkg.go.dev/vuln/GO-2023-1821
Import Source
https://vuln.go.dev/ID/GO-2023-1821.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1821
Aliases
Published
2023-07-05T17:29:41Z
Modified
2024-05-20T16:03:47Z
Summary
The x/crisis package does not cause chain halt in github.com/cosmos/cosmos-sdk
Details

If an invariant check fails on a Cosmos SDK network, and a transaction is sent to the x/crisis package to halt the chain, the chain does not halt as originally intended.

No patch will be released, as the package is planned to be deprecated and replaced.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1821"
}
References

Affected packages

Go / github.com/cosmos/cosmos-sdk

Package

Name
github.com/cosmos/cosmos-sdk
View open source insights on deps.dev
Purl
pkg:golang/github.com/cosmos/cosmos-sdk

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/cosmos/cosmos-sdk/x/crisis"
        }
    ]
}