Improper Validation Affecting github.com/tendermint/tendermint/consensus Open this link in a new tab package, versions <0.32.7
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
9 Apr 2020
19 Oct 2019
Introduced: 19 Oct 2019CWE-20 Open this link in a new tab
How to fix?
github.com/tendermint/tendermint/consensus to version 0.32.7 or higher.
github.com/tendermint/tendermint/consensus is a consensus package part of Tendermint.
Affected versions of this package are vulnerable to Improper Validation. An attacker could construct a
BlockPartMessage message in such a way that it will lead to consensus failure.