GHSA-4wf3-5qj9-368v: IBC-Go: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt

March 12, 2025

Name: ISA-2025-001: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: High (Considerable Impact; Likely Likelihood per ACMv1.2) Affected versions: IBC-Go >= v7; Earlier IBC-Go versions MAY also be affected. Affected users: Validators, Full nodes, IBC Middleware authors

References

github.com/advisories/GHSA-4wf3-5qj9-368v
github.com/cosmos/ibc-go
github.com/cosmos/ibc-go/releases/tag/v7.10.0
github.com/cosmos/ibc-go/releases/tag/v8.7.0
github.com/cosmos/ibc-go/security/advisories/GHSA-4wf3-5qj9-368v

Code Behaviors & Features

Detect and mitigate GHSA-4wf3-5qj9-368v with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →