GO-2023-1881

See a problem?
Please try reporting it to the source first.
Source
https://pkg.go.dev/vuln/GO-2023-1881
Import Source
https://vuln.go.dev/ID/GO-2023-1881.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1881
Aliases
Published
2023-07-06T20:13:03Z
Modified
2024-05-20T16:03:47Z
Summary
The x/crisis package does not charge ConstantFee in github.com/cosmos/cosmos-sdk
Details

If a transaction is sent to the x/crisis module to check an invariant, the ConstantFee parameter of the chain is not charged.

No patch will be released, as the package is planned to be deprecated and replaced.

Database specific 
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1881"
}
References

Affected packages

Go / github.com/cosmos/cosmos-sdk

Package

Name
github.com/cosmos/cosmos-sdk
View open source insights on deps.dev
Purl
pkg:golang/github.com/cosmos/cosmos-sdk

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/cosmos/cosmos-sdk/x/crisis"
        }
    ]
}

Database specific

source

"https://vuln.go.dev/ID/GO-2023-1881.json"