GHSA-x5vx-95h7-rv4p: Cosmos SDK: Groups module can halt chain when handling a malicious proposal
Name: ASA-2025-003: Groups module can halt chain when handling a malicious proposal Component: CosmosSDK Criticality: High (Considerable Impact; Likely Likelihood per ACMv1.2) Affected versions: <= v0.47.15, <= 0.50.11 Affected users: Validators, Full nodes, Users on chains that utilize the groups module
References
- github.com/advisories/GHSA-x5vx-95h7-rv4p
- github.com/cosmos/cosmos-sdk
- github.com/cosmos/cosmos-sdk/commit/0a98b65b24900a0e608866c78f172cf8e4140aea
- github.com/cosmos/cosmos-sdk/releases/tag/v0.47.16
- github.com/cosmos/cosmos-sdk/releases/tag/v0.50.12
- github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p
Code Behaviors & Features
Detect and mitigate GHSA-x5vx-95h7-rv4p with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →