Improper Access Control Affecting github.com/multiversx/mx-chain-go/process/smartcontract/builtinfunctions package, versions <1.3.35
Threat Intelligence
EPSS
0.24% (63rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMMULTIVERSXMXCHAINGOPROCESSSMARTCONTRACTBUILTINFUNCTIONS-7897198
- published 5 Sep 2024
- disclosed 7 Sep 2022
- credit Unknown
Introduced: 7 Sep 2022
CVE-2022-36061 Open this link in a new tabHow to fix?
Upgrade github.com/multiversx/mx-chain-go/process/smartContract/builtInFunctions
to version 1.3.35 or higher.
Overview
Affected versions of this package are vulnerable to Improper Access Control by altering the state of another contract through read only calls as if the call was not made in the read-only mode.
References
CVSS Scores
version 3.1