blob: 9eacd19bb129ae50dbc7d9a7656d4e12bd950a63 [file] [log] [blame]
id: GO-2023-1821
modules:
- module: github.com/cosmos/cosmos-sdk
vulnerable_at: 0.47.3
packages:
- package: github.com/cosmos/cosmos-sdk/x/crisis
summary: The x/crisis package does not cause chain halt in github.com/cosmos/cosmos-sdk
description: |-
If an invariant check fails on a Cosmos SDK network, and a transaction is sent
to the x/crisis package to halt the chain, the chain does not halt as originally
intended.
No patch will be released, as the package is planned to be deprecated
and replaced.
ghsas:
- GHSA-qfc5-6r3j-jj22
references:
- advisory: https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-qfc5-6r3j-jj22
- report: https://github.com/cosmos/cosmos-sdk/issues/15325
- report: https://github.com/cosmos/cosmos-sdk/issues/15706