Merge pull request #56 from CosmWasm/add-gh-advisories
Add titles and GitHub advisories to CWA-2024-007 and CWA-2024-008
webmaster128 authored Dec 10, 2024
2 parents c24d946 + 7f085ce commit 166a4c9
Showing 3 changed files with 15 additions and 13 deletions.
2 changes: 1 addition & 1 deletion CWAs/CWA-2024-007.md
@@ -1,4 +1,4 @@
# CWA-2024-007
# CWA-2024-007: Incorrect metering

**Severity**

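Review bot: The new H1 `# CWA-2024-007: Incorrect metering` does not name the affected component, unlike the other titled advisories in the index (for example "Gas mispricing in cosmwasm-vm" or "Stackoverflow in wasmd"). Consider a title of the form "Incorrect metering in <component>" so it is self-explanatory when it appears alone in the README table, and keep the README link text in sync with whatever wording is chosen.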
2 changes: 1 addition & 1 deletion CWAs/CWA-2024-008.md
@@ -1,4 +1,4 @@
# CWA-2024-008
# CWA-2024-008: Panic in wasmvm can slow down block production

**Severity**

24 changes: 13 additions & 11 deletions CWAs/README.md
Expand Up @@ -2,17 +2,17 @@

## 2024

| Severity[^1] | Scope[^2] | ID | Aliases |
| ------------ | --------- | ----------------------------------------------------------------------- | ------------------------------------------ |
| Low | VM | [CWA-2024-009][CWA-2024-009] |
| Medium | VM | [CWA-2024-008][CWA-2024-008] | |
| Medium | VM | [CWA-2024-007][CWA-2024-007] | |
| Medium | x/wasm | [CWA-2024-006: Non-deterministic module_query_safe query][CWA-2024-006] | [GHSA-fpgj-cr28-fvpx] |
| High | x/wasm | [CWA-2024-005: Stackoverflow in wasmd][CWA-2024-005] | [GHSA-g8w7-7vgg-x7xg] |
| Medium | VM | [CWA-2024-004: Gas mispricing in cosmwasm-vm][CWA-2024-004] | [RUSTSEC-2024-0361], [GHSA-rg2q-2jh9-447q] |
| Low | x/wasm | [CWA-2024-003: Large address count in ValidateBasic][CWA-2024-003] | [GHSA-m3rh-cvr5-x6q4] |
| Medium | Contracts | [CWA-2024-002: Arithmetic overflows in cosmwasm-std][CWA-2024-002] | [RUSTSEC-2024-0338], [GHSA-8724-5xmm-w5xq] |
| Low | Contracts | [CWA-2024-001: Stack overflow in serde-json-wasm][CWA-2024-001] | [RUSTSEC-2024-0012], [GHSA-rr69-rxr6-8qwf] |
| Severity[^1] | Scope[^2] | ID | Aliases |
| ------------ | --------- | ---------------------------------------------------------------------------- | ------------------------------------------ |
| Low | VM | [CWA-2024-009][CWA-2024-009] |
| Medium | VM | [CWA-2024-008: Panic in wasmvm can slow down block production][CWA-2024-008] | [GHSA-vmqh-5232-v43r] |
| Medium | VM | [CWA-2024-007: Incorrect metering][CWA-2024-007] | [GHSA-2q97-m5rc-p3gp] |
| Medium | x/wasm | [CWA-2024-006: Non-deterministic module_query_safe query][CWA-2024-006] | [GHSA-fpgj-cr28-fvpx] |
| High | x/wasm | [CWA-2024-005: Stackoverflow in wasmd][CWA-2024-005] | [GHSA-g8w7-7vgg-x7xg] |
| Medium | VM | [CWA-2024-004: Gas mispricing in cosmwasm-vm][CWA-2024-004] | [RUSTSEC-2024-0361], [GHSA-rg2q-2jh9-447q] |
| Low | x/wasm | [CWA-2024-003: Large address count in ValidateBasic][CWA-2024-003] | [GHSA-m3rh-cvr5-x6q4] |
| Medium | Contracts | [CWA-2024-002: Arithmetic overflows in cosmwasm-std][CWA-2024-002] | [RUSTSEC-2024-0338], [GHSA-8724-5xmm-w5xq] |
| Low | Contracts | [CWA-2024-001: Stack overflow in serde-json-wasm][CWA-2024-001] | [RUSTSEC-2024-0012], [GHSA-rr69-rxr6-8qwf] |

[CWA-2024-009]: ./CWA-2024-009.md
[CWA-2024-008]: ./CWA-2024-008.md
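Review bot: The `CWA-2024-009` row is carried over with only three cells (`| Low | VM | [CWA-2024-009][CWA-2024-009] |`), so it lacks the Aliases column that every other row has, and after this change it is the only 2024 entry without a title. Since the whole table is being re-padded anyway, add the empty trailing cell here, and add a title for CWA-2024-009 in the same pass if one is ready. Minor: "Stackoverflow in wasmd" and "Stack overflow in serde-json-wasm" spell the same term two ways.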
Expand All @@ -32,6 +32,8 @@
[GHSA-m3rh-cvr5-x6q4]: https://github.com/advisories/GHSA-m3rh-cvr5-x6q4
[GHSA-g8w7-7vgg-x7xg]: https://github.com/advisories/GHSA-g8w7-7vgg-x7xg
[GHSA-fpgj-cr28-fvpx]: https://github.com/advisories/GHSA-fpgj-cr28-fvpx
[GHSA-2q97-m5rc-p3gp]: https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-2q97-m5rc-p3gp
[GHSA-vmqh-5232-v43r]: https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-vmqh-5232-v43r

## 2023

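Review bot: The two added reference definitions use the repository-scoped path (`https://github.com/CosmWasm/wasmvm/security/advisories/GHSA-2q97-m5rc-p3gp` and the matching one for `GHSA-vmqh-5232-v43r`), while the three existing definitions in the context lines use the `https://github.com/advisories/` form. If these two advisories are also reachable under the global path, use that form so all aliases resolve the same way; if they are only available on the repository page, say so in the PR description so the difference is not mistaken for an oversight.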
