diff --git a/CWAs/CWA-2024-001.md b/CWAs/CWA-2024-001.md index 1a99102..3dc82e1 100644 --- a/CWAs/CWA-2024-001.md +++ b/CWAs/CWA-2024-001.md @@ -2,7 +2,7 @@ **Severity** -Low +Low[^1] **Affected versions:** serde-json-wasm < 1.0.1, < 0.5.2 **Patched versions:** serde-json-wasm 1.0.1, 0.5.2 @@ -38,3 +38,5 @@ program by reporting a bug, please see . - 2024-01-24: [Submitted to](https://github.com/rustsec/advisory-db/pull/1867) RustSec Advisory Database - 2024-02-01: Advisory published - 2024-02-09: RustSec Advisory Database entry created ([RUSTSEC-2024-0012](https://rustsec.org/advisories/RUSTSEC-2024-0012.html)) + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/CWA-2024-002.md b/CWAs/CWA-2024-002.md index 3b785b5..01cde53 100644 --- a/CWAs/CWA-2024-002.md +++ b/CWAs/CWA-2024-002.md @@ -2,7 +2,7 @@ **Severity** -Medium +Medium[^1] **Affected versions:** @@ -47,3 +47,5 @@ Affected if `overflow-checks = true` is not set: - 2024-04-22: The upcoming patch is announced through the CosmWasm advisories notification list and publicly on X (https://twitter.com/CosmWasm/status/1782439624608030771). - 2024-04-24: The patch is released. - 2024-04-24: RustSec Advisory Database entry created ([RUSTSEC-2024-0338](https://rustsec.org/advisories/RUSTSEC-2024-0338.html)) + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/CWA-2024-003.md b/CWAs/CWA-2024-003.md index c12683e..1581605 100644 --- a/CWAs/CWA-2024-003.md +++ b/CWAs/CWA-2024-003.md @@ -2,7 +2,7 @@ **Severity** -Low (Moderate + Unlikely) +Low (Moderate + Unlikely)[^1] **Affected versions:** @@ -75,3 +75,5 @@ program by reporting a bug, please see . - 2024-04-21: Bug reported via Cosmos HackerOne - 2024-04-25: A patch was created internally - 2024-07-11: The patch is published and released with wasmd 0.52 + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/CWA-2024-004.md b/CWAs/CWA-2024-004.md index ae95d5c..13edc16 100644 --- a/CWAs/CWA-2024-004.md +++ b/CWAs/CWA-2024-004.md @@ -2,7 +2,7 @@ **Severity** -Medium (Moderate + Likely) +Medium (Moderate + Likely)[^1] **Affected versions:** @@ -63,3 +63,5 @@ program by reporting a bug, please see . - 2024-08-02: Confio developed the patch internally. - 2024-08-08: Patch released - 2024-08-08: Updated patched versions to ones that will invalidate the cache + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/CWA-2024-005.md b/CWAs/CWA-2024-005.md index 5d9606d..71b8aa2 100644 --- a/CWAs/CWA-2024-005.md +++ b/CWAs/CWA-2024-005.md @@ -2,7 +2,7 @@ **Severity** -High (Critical + Likely) +High (Critical + Likely)[^1] **Affected versions:** @@ -46,3 +46,5 @@ program by reporting a bug, please see . - 2024-08-19: Patch release announced though notifications list. - 2024-08-20: Patch release announced on X: . - 2024-08-21: Patch released. + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/CWA-2024-006.md b/CWAs/CWA-2024-006.md index 2419c91..5ec005c 100644 --- a/CWAs/CWA-2024-006.md +++ b/CWAs/CWA-2024-006.md @@ -2,7 +2,7 @@ **Severity** -Medium (Moderate + Likely) +Medium (Moderate + Likely)[^1] **Affected versions:** @@ -61,3 +61,5 @@ program by reporting a bug, please see . - 2024-08-19: Patch release announced though notifications list. - 2024-08-20: Patch release announced on X: . - 2024-08-21: Patch released. + +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md diff --git a/CWAs/README.md b/CWAs/README.md index 2fedff0..27f2fbd 100644 --- a/CWAs/README.md +++ b/CWAs/README.md @@ -67,6 +67,6 @@ [CWA-2021-002]: ./CWA-2021-002.md [CWA-2021-001]: ./CWA-2021-001.md -[^1]: following Amulet's Severity Classification Framework: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md +[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md [^2]: Contracts: everything compiled into Wasm (comswasm-std, other contract libraries); VM: everything executing contracts (cosmwasm-vm, wasmvm); x/wasm: integration of the VM into the chain (wasmd)