Описание
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.0 (исключая)
cpe:2.3:a:cosmwasm:cosmwasm:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 69%
0.00608
Низкий
7.5 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 6.5
github
11 месяцев назад
CosmWasm Allows Bypass of Capability Restrictions in Blockchains
EPSS
Процентиль: 69%
0.00608
Низкий
7.5 High
CVSS3
Дефекты
CWE-284