blob: 5e7e9dba5c1f892d0830797695fbff61650506d7 [file] [log] [blame]
id: GO-2023-1821
modules:
- module: github.com/cosmos/cosmos-sdk
vulnerable_at: 0.47.3
packages:
- package: github.com/cosmos/cosmos-sdk/x/crisis
summary: The x/crisis package does not cause chain halt in github.com/cosmos/cosmos-sdk
description: |-
If an invariant check fails on a Cosmos SDK network, and a transaction is sent
to the x/crisis package to halt the chain, the chain does not halt as originally
intended.
No patch will be released, as the package is planned to be deprecated and
replaced.
ghsas:
- GHSA-qfc5-6r3j-jj22
references:
- advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-qfc5-6r3j-jj22
- report: https://github.com/cosmos/cosmos-sdk/issues/15325
- report: https://github.com/cosmos/cosmos-sdk/issues/15706
review_status: REVIEWED