x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-95rx-m9m5-m94v #2638

GoVulnBot · 2024-03-12T16:01:28Z

In GitHub Security Advisory GHSA-95rx-m9m5-m94v, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/cosmos/cosmos-sdk	0.50.5	>= 0.50.0, <= 0.50.4

Cross references:

Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: CVE-2021-41135 #255 NOT_IMPORTABLE
Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-23px-mw2p-46qm #2047 NOT_IMPORTABLE
Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-qfc5-6r3j-jj22 #1821
Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk #1861
Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-w5w5-2882-47pc #1881
Module github.com/cosmos/cosmos-sdk appears in issue x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-86h5-xcpx-cfqc #2584

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/cosmos/cosmos-sdk
      versions:
        - introduced: TODO (earliest fixed "0.50.5", vuln range ">= 0.50.0, <= 0.50.4")
      packages:
        - package: github.com/cosmos/cosmos-sdk
summary: |-
    ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow
    incorrect voting power assumptions
ghsas:
    - GHSA-95rx-m9m5-m94v
references:
    - advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-95rx-m9m5-m94v
    - fix: https://github.com/cosmos/cosmos-sdk/commit/4467110df40797ebe916c23ebfd45c9ee7583897
    - web: https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.5
    - advisory: https://github.com/advisories/GHSA-95rx-m9m5-m94v

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-29T17:36:28Z

Change https://go.dev/cl/582358 mentions this issue: data/reports: batch add 11 unreviewed reports

gopherbot · 2024-05-10T20:42:12Z

Change https://go.dev/cl/584757 mentions this issue: data/reports: add GO-2024-2638.yaml

tatianab self-assigned this Mar 12, 2024

gopherbot closed this as completed in fa12a23 May 10, 2024

GoVulnBot mentioned this issue Dec 16, 2024

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-8wcc-m6j2-qxvm #3339

Closed

GoVulnBot mentioned this issue Feb 20, 2025

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-x5vx-95h7-rv4p #3476

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-95rx-m9m5-m94v #2638

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-95rx-m9m5-m94v #2638

GoVulnBot commented Mar 12, 2024

gopherbot commented Apr 29, 2024

gopherbot commented May 10, 2024

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-95rx-m9m5-m94v #2638

x/vulndb: potential Go vuln in github.com/cosmos/cosmos-sdk: GHSA-95rx-m9m5-m94v #2638

Comments

GoVulnBot commented Mar 12, 2024

gopherbot commented Apr 29, 2024

gopherbot commented May 10, 2024