Information Exposure ("Huckleberry" Vulnerability) Affecting github.com/cosmos/ibc-go/v5/modules/core/keeper package, versions <5.2.1>=5.3.0 <5.3.1


Severity

Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMCOSMOSIBCGOV5MODULESCOREKEEPER-5711927
  • published18 Jun 2023
  • disclosed15 Jun 2023
  • creditUnknown

Introduced: 15 Jun 2023

CVE NOT AVAILABLE CWE-200  (opens in a new tab)

How to fix?

Upgrade github.com/cosmos/ibc-go/v5/modules/core/keeper to version 5.2.1, 5.3.1 or higher.

Overview

github.com/cosmos/ibc-go/v5/modules/core/keeper is an interblockchain communication protocol (IBC) implementation in Golang built as a SDK module.

Affected versions of this package are vulnerable to Information Exposure ("Huckleberry" Vulnerability) due to ordered packets in the UnreceivedPackets query not being handled correctly.

CVSS Scores

version 3.1