-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/ElrondNetwork/elrond-go: CVE-2022-36061 #971
Labels
excluded: NOT_IMPORTABLE
This vulnerability only exists in a binary and is not importable.
Comments
julieqiu
added
excluded: NOT_IMPORTABLE
This vulnerability only exists in a binary and is not importable.
and removed
NeedsTriage
labels
Sep 12, 2022
Vulnerability in tool. |
Change https://go.dev/cl/430360 mentions this issue: |
Change https://go.dev/cl/592774 mentions this issue: |
Change https://go.dev/cl/607229 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-0922.yaml - data/reports/GO-2022-0923.yaml - data/reports/GO-2022-0924.yaml - data/reports/GO-2022-0925.yaml - data/reports/GO-2022-0928.yaml - data/reports/GO-2022-0929.yaml - data/reports/GO-2022-0933.yaml - data/reports/GO-2022-0936.yaml - data/reports/GO-2022-0937.yaml - data/reports/GO-2022-0938.yaml - data/reports/GO-2022-0939.yaml - data/reports/GO-2022-0953.yaml - data/reports/GO-2022-0959.yaml - data/reports/GO-2022-0960.yaml - data/reports/GO-2022-0964.yaml - data/reports/GO-2022-0970.yaml - data/reports/GO-2022-0971.yaml - data/reports/GO-2022-0981.yaml - data/reports/GO-2022-0982.yaml - data/reports/GO-2022-0983.yaml Updates #922 Updates #923 Updates #924 Updates #925 Updates #928 Updates #929 Updates #933 Updates #936 Updates #937 Updates #938 Updates #939 Updates #953 Updates #959 Updates #960 Updates #964 Updates #970 Updates #971 Updates #981 Updates #982 Updates #983 Change-Id: I2c7e7a823ba3bf18dab1234a40c08ac4825903f6 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607229 LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Commit-Queue: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2022-36061 references github.com/ElrondNetwork/elrond-go, which may be a Go module.
Description:
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds.
References:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: