{"id":"GO-2025-3476","summary":"Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk","details":"Cosmos SDK: Groups module can halt chain when handling a malicious proposal in github.com/cosmos/cosmos-sdk","aliases":["GHSA-x5vx-95h7-rv4p"],"modified":"2025-03-03T16:27:07.249528Z","published":"2025-03-03T16:11:01Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3476"},"references":[{"type":"ADVISORY","url":"https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-x5vx-95h7-rv4p"},{"type":"FIX","url":"https://github.com/cosmos/cosmos-sdk/commit/0a98b65b24900a0e608866c78f172cf8e4140aea"},{"type":"WEB","url":"https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.16"},{"type":"WEB","url":"https://github.com/cosmos/cosmos-sdk/releases/tag/v0.50.12"}],"affected":[{"package":{"name":"github.com/cosmos/cosmos-sdk","ecosystem":"Go","purl":"pkg:golang/github.com/cosmos/cosmos-sdk"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.47.16-ics-lsm"},{"introduced":"0.50.0-alpha.0"},{"fixed":"0.50.12"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/cosmos/cosmos-sdk/x/group","symbols":["PercentageDecisionPolicy.Allow"]},{"path":"github.com/cosmos/cosmos-sdk/x/group/keeper","symbols":["Keeper.UpdateGroupMembers"]},{"path":"github.com/cosmos/cosmos-sdk/x/group/simulation","symbols":["SimulateMsgUpdateGroupMembers","WeightedOperations"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3476.json"}}],"schema_version":"1.7.3"}