Published: 18 Mar 2025
Source: github
Github: Reviewed
CVSS4: 5.3
CVSS3: 6.5
Description
CosmWasm Allows Bypass of Capability Restrictions in Blockchains
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.
Packages
Name: cosmwasm (rust)
Affected versions: < 2.2.0
Fixed version: 2.2.0
EPSS: 0.00608 (Low)
Percentile: 69%
CVSS4: 5.3 Medium
CVSS3: 6.5 Medium
CVE ID
Weaknesses
CWE-284
CWE-306
Related vulnerabilities
CVSS3: 7.5
nvd
11 months ago
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.