{"url":"http://public2.vulnerablecode.io/api/packages/381347?format=json","purl":"pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3","type":"golang","namespace":"github.com/cosmos","name":"cosmos-sdk","version":"0.47.3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.47.9","latest_non_vulnerable_version":"0.53.3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361099?format=json","vulnerability_id":"VCID-s8qb-pvdt-47cf","summary":"Duplicate Advisory: Cosmos \"Barberry\" vulnerability in github.com/cosmos/cosmos-sdk\n## Withdrawn\n\nThis advisory has been withdrawn because it is a duplicate of GHSA-j2cr-jc39-wpx5. This link is maintained to preserve external references.\n\n## Original Description\n\nThe cosmos-sdk module is affected by the vulnerability codenamed \"Barberry\".","references":[{"reference_url":"https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825"},{"reference_url":"https://github.com/cosmos/cosmos-sdk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk"},{"reference_url":"https://github.com/cosmos/cosmos-sdk/pull/16466","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk/pull/16466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381346?format=json","purl":"pkg:golang/github.com/cosmos/cosmos-sdk@0.46.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cosmos/cosmos-sdk@0.46.13"},{"url":"http://public2.vulnerablecode.io/api/packages/381347?format=json","purl":"pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3"}],"aliases":["GHSA-w44m-8mv2-v78h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8qb-pvdt-47cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361057?format=json","vulnerability_id":"VCID-zq8j-jg35-6yck","summary":"Barberry Security Advisory - regarding x/auth periodic vesting accounts\n### Impact\n\nIn `PeriodicVestingAccount`, defined in `x/auth`, an attacker can initialize a victim's account as a malicious vesting account, which allows deposits but does not allow withdrawals. When the user then deposits funds into their account, those funds are locked forever, and the user is not able to withdraw them.\n\n### Patches\n\n\\>= v0.46.13 for Cosmos SDK v0.46.x\n\\>= v0.47.3 for Cosmos SDK v0.47.x\n\nIf a network backported periodic vesting accounts to earlier versions of the SDK, those networks are affected too.\n\n### Workarounds\n\nThere is no workaround for this issue. Upgrade immediately.\n\n### References\n\n* Patched versions release notes: [v0.47.3](https://github.com/cosmos/cosmos-sdk/blob/cfc757dc5043fb2758c47c146d2912fd010c1a45/RELEASE_NOTES.md#cosmos-sdk-v0473-release-notes), [v0.46.13](https://github.com/cosmos/cosmos-sdk/blob/d4b7164de5d8391e6aa644d8ea84e07396dd9653/RELEASE_NOTES.md#cosmos-sdk-v04613-release-notes).\n* [Forum Post](https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825)","references":[{"reference_url":"https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.cosmos.network/t/cosmos-sdk-security-advisory-barberry/10825"},{"reference_url":"https://github.com/cosmos/cosmos-sdk","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk"},{"reference_url":"https://github.com/cosmos/cosmos-sdk/blob/cfc757dc5043fb2758c47c146d2912fd010c1a45/RELEASE_NOTES.md#cosmos-sdk-v0473-release-notes","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk/blob/cfc757dc5043fb2758c47c146d2912fd010c1a45/RELEASE_NOTES.md#cosmos-sdk-v0473-release-notes"},{"reference_url":"https://github.com/cosmos/cosmos-sdk/blob/d4b7164de5d8391e6aa644d8ea84e07396dd9653/RELEASE_NOTES.md#cosmos-sdk-v04613-release-notes","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk/blob/d4b7164de5d8391e6aa644d8ea84e07396dd9653/RELEASE_NOTES.md#cosmos-sdk-v04613-release-notes"},{"reference_url":"https://github.com/cosmos/cosmos-sdk/pull/16466","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk/pull/16466"},{"reference_url":"https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-j2cr-jc39-wpx5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-j2cr-jc39-wpx5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381346?format=json","purl":"pkg:golang/github.com/cosmos/cosmos-sdk@0.46.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cosmos/cosmos-sdk@0.46.13"},{"url":"http://public2.vulnerablecode.io/api/packages/381347?format=json","purl":"pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3"}],"aliases":["GHSA-j2cr-jc39-wpx5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zq8j-jg35-6yck"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cosmos/cosmos-sdk@0.47.3"}