Skip to content

Commit e2ab284

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 5de6792 commit e2ab284

File tree

1 file changed

+71
-0
lines changed

1 file changed

+71
-0
lines changed

advisories/github-reviewed/2025/10/GHSA-8pfh-j44r-f654/GHSA-8pfh-j44r-f654.json

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8pfh-j44r-f654",
4+
"modified": "2025-10-21T18:04:34Z",
5+
"published": "2025-10-21T18:04:34Z",
6+
"aliases": [],
7+
"summary": "Cosmos EVM Vulnerability",
8+
"details": "## Patches\nPatched in versions `v0.3.1`, `v0.4.2`, and in the `v0.5.0` release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.\n\n## Workarounds\nNo workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.\n\n## Testing\nTests are introduced in every affected version.\n\n## Credits\nSpecial thanks to @yihuang for the help on this issue.",
9+
"severity": [],
10+
"affected": [
11+
{
12+
"package": {
13+
"ecosystem": "Go",
14+
"name": "github.com/cosmos/evm"
15+
},
16+
"ranges": [
17+
{
18+
"type": "ECOSYSTEM",
19+
"events": [
20+
{
21+
"introduced": "0.3.0"
22+
},
23+
{
24+
"fixed": "0.3.2"
25+
}
26+
]
27+
}
28+
]
29+
},
30+
{
31+
"package": {
32+
"ecosystem": "Go",
33+
"name": "github.com/cosmos/evm"
34+
},
35+
"ranges": [
36+
{
37+
"type": "ECOSYSTEM",
38+
"events": [
39+
{
40+
"introduced": "0.4.0"
41+
},
42+
{
43+
"fixed": "0.4.2"
44+
}
45+
]
46+
}
47+
]
48+
}
49+
],
50+
"references": [
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/cosmos/evm/security/advisories/GHSA-8pfh-j44r-f654"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/cosmos/evm/commit/79089feebe79ce1f35250ba457cbd436e6bfff8b"
58+
},
59+
{
60+
"type": "PACKAGE",
61+
"url": "https://github.com/cosmos/evm"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [],
66+
"severity": "CRITICAL",
67+
"github_reviewed": true,
68+
"github_reviewed_at": "2025-10-21T18:04:34Z",
69+
"nvd_published_at": null
70+
}
71+
}

0 commit comments

Comments
 (0)