github.com/elrondnetwork/elrond-go is vulnerable to privilege escalation. Read only calls between contracts may generate smart contract results due to insufficient checks, which allows remote attackers to elevate their privileges to an extent which the original smart contract programmers didn’t intend.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/elrondnetwork/elrond-go | le | v1.3.34 | |
github.com/elrondnetwork/elrond-go | le | v1.3.34 |
github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452
github.com/ElrondNetwork/elrond-go/commit/fc78258fe9d68078c9bbd5c6ceeb7f61a0deb1b4
github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35
github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg