Lucene search
Veracode Vulnerability DatabaseVERACODE:36958HistorySep 07, 2022 - 3:35 a.m.
Privilege Escalation
2022-09-0703:35:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
github vulnerability privilege escalation remote attackers smart contract
0.002 Low
EPSS
Percentile
62.3%
github.com/elrondnetwork/elrond-go is vulnerable to privilege escalation. Read only calls between contracts may generate smart contract results due to insufficient checks, which allows remote attackers to elevate their privileges to an extent which the original smart contract programmers didn’t intend.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/elrondnetwork/elrond-go | le | v1.3.34 | |
| github.com/elrondnetwork/elrond-go | le | v1.3.34 |
References
github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452
github.com/ElrondNetwork/elrond-go/commit/fc78258fe9d68078c9bbd5c6ceeb7f61a0deb1b4
github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35
github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg
Related
prion
prion
Code injection
2022-09-06 21:15:00
osv
osv
Elrond-go has improper initialization
2022-09-16 21:21:43
CVE-2022-36061
2022-09-06 21:15:08
github
github
Elrond-go has improper initialization
2022-09-16 21:21:43
nvd
nvd
CVE-2022-36061
2022-09-06 21:15:08
cvelist
cvelist
CVE-2022-36061 Elrond go can execute on same context checks in VM
2022-09-06 20:35:10
gitlab
gitlab
Improper Initialization
2022-09-06 00:00:00
cve
cve
CVE-2022-36061
2022-09-06 21:15:08