N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-fpgj-cr28-fvpx

EPSS Score

CWE

CWE-89

Published

8/21/2024

Updated

8/21/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-fpgj-cr28-fvpx

GHSA-fpgj-cr28-fvpx: CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium (ACMv1: I:Moderate; L:Likely) Patched versions: wasmd 0.53.0

See CWA-2024-006 for more details.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-fpgj-cr28-fvpx

GHSA-fpgj-cr28-fvpx:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-fpgj-cr28-fvpx

EPSS Score

CWE

CWE-89

Published

8/21/2024

Updated

8/21/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/CosmWasm/wasmd	go	= 0.52.0	0.53.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the improper use of the cosmos.query.v1.module_query_safe annotation on the SmartContractState RPC method. The commit diff shows this annotation was removed from query.proto, indicating it was the source of the vulnerability. The module_query_safe flag implies deterministic execution, but smart contract queries can execute arbitrary Wasm code that might be non-deterministic. Other changes in the commit (call depth limits, query stack checks) appear to be defensive programming improvements rather than direct vulnerability sources.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-fpgj-cr28-fvpx: CWA-2024-006: wasmd non-deterministic module_query_safe query

GHSA-fpgj-cr28-fvpx:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-fpgj-cr28-fvpx: CWA-2024-006: wasmd non-deterministic module_query_safe query

Technical Details

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI