data/reports/GO-2023-1881.yaml - vulndb - Git at Google

 id: GO-2023-1881
 modules:
     - module: github.com/cosmos/cosmos-sdk
       vulnerable_at: 0.47.3
       packages:
         - package: github.com/cosmos/cosmos-sdk/x/crisis
 summary: The x/crisis package does not charge ConstantFee in github.com/cosmos/cosmos-sdk
 description: |-
     If a transaction is sent to the `x/crisis` module to check an invariant, the
     ConstantFee parameter of the chain is not charged.

     No patch will be released, as the package is planned to be deprecated and
     replaced.
 ghsas:
     - GHSA-w5w5-2882-47pc
 references:
     - advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc
     - report: https://github.com/cosmos/cosmos-sdk/issues/15706
	id: GO-2023-1881
	modules:
	- module: github.com/cosmos/cosmos-sdk
	vulnerable_at: 0.47.3
	packages:
	- package: github.com/cosmos/cosmos-sdk/x/crisis
	summary: The x/crisis package does not charge ConstantFee in github.com/cosmos/cosmos-sdk
	description: \|-
	If a transaction is sent to the `x/crisis` module to check an invariant, the
	ConstantFee parameter of the chain is not charged.

	No patch will be released, as the package is planned to be deprecated and
	replaced.
	ghsas:
	- GHSA-w5w5-2882-47pc
	references:
	- advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-w5w5-2882-47pc
	- report: https://github.com/cosmos/cosmos-sdk/issues/15706