Skip to content

CWA-2024-006: wasmd non-deterministic module_query_safe query

Moderate severity GitHub Reviewed Published Aug 21, 2024 in CosmWasm/wasmd • Updated Aug 21, 2024

Package

gomod github.com/CosmWasm/wasmd (Go)

Affected versions

= 0.52.0

Patched versions

0.53.0

Description

Component: wasmd
Criticality: Medium (ACMv1: I:Moderate; L:Likely)
Patched versions: wasmd 0.53.0

See CWA-2024-006 for more details.

References

@chipshort chipshort published to CosmWasm/wasmd Aug 21, 2024
Published to the GitHub Advisory Database Aug 21, 2024
Reviewed Aug 21, 2024
Last updated Aug 21, 2024

Severity

Moderate

EPSS score

Weaknesses

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-fpgj-cr28-fvpx

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.