GO-2023-1821

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2023-1821

Import Source

https://vuln.go.dev/ID/GO-2023-1821.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2023-1821

Aliases

GHSA-qfc5-6r3j-jj22

Published

2023-07-05T17:29:41Z

Modified

2024-05-20T16:03:47Z

Summary

The x/crisis package does not cause chain halt in github.com/cosmos/cosmos-sdk

Details

If an invariant check fails on a Cosmos SDK network, and a transaction is sent to the x/crisis package to halt the chain, the chain does not halt as originally intended.

No patch will be released, as the package is planned to be deprecated and replaced.

Database specific

{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1821"
}

References

Affected packages

Go / github.com/cosmos/cosmos-sdk

Package

Name: github.com/cosmos/cosmos-sdk; View open source insights on deps.dev
Purl: pkg:golang/github.com/cosmos/cosmos-sdk

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/cosmos/cosmos-sdk/x/crisis"
        }
    ]
}