Lucene search
K

4 matches found

OSV
OSV
added 2026/05/21 4:53 p.m.8 views

GHSA-JC6W-WMFC-FH33 Klever-Go KVM read-only execution can commit contract delete and upgrade side effects

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

6.3CVSS6AI score0.00057EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 4:53 p.m.14 views

Klever-Go KVM read-only execution can commit contract delete and upgrade side effects

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

6AI score0.00057EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.9 views

PT-2026-42630

Publisher note Fixed in v1.7.17. Operators running v1.7.17 should upgrade. Contract delete and upgrade host-core paths now reject execution when runtime.ReadOnly is true. The invariant is regression-tested for delete, upgrade, storage writes, value transfers, and any VM output field that can late...

6.3CVSS6AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42661

Name of the Vulnerable Software and Affected Versions klever-go versions prior to 1.7.17 Description KVM read-only execution fails to properly isolate state-changing operations. The ExecuteReadOnlyWithTypedArguments function sets the runtime to read-only mode, but the host-core paths for contract...

6.3CVSS6AI score0.00057EPSS
Exploits0References6
Rows per page
Query Builder