Vulnerability in Elrondnetwork Elrond-go
CVE-2022-36061
Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the…
Vulnerability class: Dirty Pipe (CVE-2022-0847)
EPSS: 0.004 (62.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.
Affected products
- Elrondnetwork Elrond-go — versions < 1.3.35
Weakness classification (CWE)
References
- github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg (x_refsource_CONFIRM)
- github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf5089294… (x_refsource_MISC)
- github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-36061?
- CVE-2022-36061 is a medium-severity vulnerability in Elrondnetwork Elrond-go, classified under Improper Initialization. CVSS score: 6.5/10. Published 2022-09-06.
- How severe is CVE-2022-36061?
- Medium severity. CVSS v3 base score is 6.5 out of 10.