GHSA-7xpv-4pm9-xch2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7xpv-4pm9-xch2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-7xpv-4pm9-xch2/GHSA-7xpv-4pm9-xch2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-7xpv-4pm9-xch2
- Aliases
- Related
- Published
- 2023-06-02T19:41:31Z
- Modified
- 2024-08-20T20:58:53.945684Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
- Summary
- mx-chain-go does not treat invalid transaction with wrong username correctly
- Details
-
Impact
Metachain cannot process a cross-shard miniblock. An invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version.
Patches
Introduce processIfTxErrorCrossShard for metachain transaction processor.
Workarounds
No
References
No
- Database specific
{ "nvd_published_at": "2023-05-31T18:15:09Z", "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-06-02T19:41:31Z" }- References
Affected packages
Go / github.com/multiversx/mx-chain-go
Package
- Name
- github.com/multiversx/mx-chain-go
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/multiversx/mx-chain-go