Common Weakness Enumeration

CWE-670

Allowed-with-Review

Always-Incorrect Control Flow Implementation

Abstraction: Class · Status: Draft

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

203 vulnerabilities reference this CWE, most recent first.

GHSA-4V9Q-CGPW-CF38

Vulnerability from github – Published: 2022-06-06 21:23 – Updated: 2024-11-19 16:17
VLAI
Summary
Multiple evaluation of contract address in call in vyper
Details

Impact

when a calling an external contract with no return value, the contract address could be evaluated twice. this is usually only an efficiency problem, but if evaluation of the contract address has side effects, it could result in double evaluation of the side effects.

in the following example, Foo(msg.sender).bar() is the contract address for the following call (to .foo()), and could get evaluated twice

interface Foo:
    def foo(): nonpayable
    def bar() -> address: nonpayable

@external
def do_stuff():
    Foo(Foo(msg.sender).bar()).foo()

Patches

6b4d8ff185de071252feaa1c319712b2d6577f8d

Workarounds

assign contract addresses to variables. the above example would change to

@external
def do_stuff():
    t: Foo = Foo(msg.sender).bar()
    t.foo()

References

For more information

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vyper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-06T21:23:58Z",
    "nvd_published_at": "2022-06-09T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nwhen a calling an external contract with no return value, the contract address could be evaluated twice. this is usually only an efficiency problem, but if evaluation of the contract address has side effects, it could result in double evaluation of the side effects.\n\nin the following example, `Foo(msg.sender).bar()` is the contract address for the following call (to `.foo()`), and could get evaluated twice\n\n```vyper\ninterface Foo:\n    def foo(): nonpayable\n    def bar() -\u003e address: nonpayable\n\n@external\ndef do_stuff():\n    Foo(Foo(msg.sender).bar()).foo()\n```\n\n### Patches\n6b4d8ff185de071252feaa1c319712b2d6577f8d\n\n### Workarounds\nassign contract addresses to variables. the above example would change to\n```vyper\n@external\ndef do_stuff():\n    t: Foo = Foo(msg.sender).bar()\n    t.foo()\n```\n\n### References\n\n### For more information\n",
  "id": "GHSA-4v9q-cgpw-cf38",
  "modified": "2024-11-19T16:17:52Z",
  "published": "2022-06-06T21:23:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29255"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/commit/6b4d8ff185de071252feaa1c319712b2d6577f8d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2022-43053.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vyperlang/vyper"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Multiple evaluation of contract address in call in vyper"
}

GHSA-4VC8-PG5C-VG4X

Vulnerability from github – Published: 2024-06-12 19:41 – Updated: 2024-12-20 17:49
VLAI
Summary
Keycloak's improper input validation allows using email as username
Details

Keycloak allows the use of email as a username and doesn't check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "24.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3754"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-12T19:41:05Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "Keycloak allows the use of email as a username and doesn\u0027t check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.",
  "id": "GHSA-4vc8-pg5c-vg4x",
  "modified": "2024-12-20T17:49:09Z",
  "published": "2024-06-12T19:41:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4vc8-pg5c-vg4x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3754"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/f9708037383aa98741e4850447de64dc4a0d4b4e"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-3754"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999196"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak\u0027s improper input validation allows using email as username"
}

GHSA-4WWW-5P9H-95MH

Vulnerability from github – Published: 2025-04-15 03:30 – Updated: 2025-04-28 14:27
VLAI
Summary
http-proxy-middleware can call writeBody twice because "else if" is not used
Details

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "http-proxy-middleware"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "2.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "http-proxy-middleware"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-16T15:23:58Z",
    "nvd_published_at": "2025-04-15T03:15:18Z",
    "severity": "MODERATE"
  },
  "details": "In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because \"else if\" is not used.",
  "id": "GHSA-4www-5p9h-95mh",
  "modified": "2025-04-28T14:27:14Z",
  "published": "2025-04-15T03:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32996"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chimurai/http-proxy-middleware/pull/1089"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chimurai/http-proxy-middleware"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "http-proxy-middleware can call writeBody twice because \"else if\" is not used"
}

GHSA-52QP-GWWH-QRG4

Vulnerability from github – Published: 2021-06-21 17:10 – Updated: 2021-06-16 20:15
VLAI
Summary
Missing Handler in @scandipwa/magento-scripts
Details

Impact

After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable.

Patches

Version 1.5.3 contains patches for the problems described above.

Workarounds

Upgrade to patched or latest (recommended) version npm i @scandipwa/magento-scripts@1.5.3 or npm i @scandipwa/magento-scripts@latest.

References

New releases always available here: https://github.com/scandipwa/create-magento-app/releases

For more information

If you have any questions or comments about this advisory: * Open an issue in create-magento-app

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@scandipwa/magento-scripts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.5.1"
            },
            {
              "fixed": "1.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32684"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-16T20:15:07Z",
    "nvd_published_at": "2021-06-14T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAfter changing the function from synchronous to asynchronous there wasn\u0027t implemented handler in the [start](https://docs.create-magento-app.com/getting-started/available-commands/start), [stop](https://docs.create-magento-app.com/getting-started/available-commands/stop), [exec](https://docs.create-magento-app.com/getting-started/available-commands/exec) and [logs](https://docs.create-magento-app.com/getting-started/available-commands/logs) commands, effectively making them unusable.\n\n### Patches\n[Version 1.5.3](https://github.com/scandipwa/create-magento-app/releases/tag/%40scandipwa%2Fmagento-scripts%401.5.3) contains patches for the problems described above.\n\n### Workarounds\nUpgrade to patched or latest (recommended) version `npm i @scandipwa/magento-scripts@1.5.3` or `npm i @scandipwa/magento-scripts@latest`.\n\n### References\nNew releases always available here: https://github.com/scandipwa/create-magento-app/releases\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [create-magento-app](https://github.com/scandipwa/create-magento-app/issues)\n",
  "id": "GHSA-52qp-gwwh-qrg4",
  "modified": "2021-06-16T20:15:07Z",
  "published": "2021-06-21T17:10:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32684"
    },
    {
      "type": "WEB",
      "url": "https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing Handler in @scandipwa/magento-scripts"
}

GHSA-54GX-3CGR-7MFM

Vulnerability from github – Published: 2026-03-11 14:53 – Updated: 2026-03-11 14:53
VLAI
Summary
Cosmos EVM: incorrect state handling during nested EVM execution paths
Details

Advisory ID: ASA-2026-002

Component: ICS20 Precompile

Status: Resolved

Published: March 2026

Contact: security@cosmoslabs.io


Security Advisory ASA-2026-002

Status: Resolved. A patch is available and all known affected chains have either applied mitigations or upgraded.

Field Value
Severity Critical
Affected Component ICS20 Precompile
Affected Versions Cosmos EVM implementations including the ICS20 precompile
Patched Version v0.6.0
First Reported January 21, 2026
Public Disclosure March 2026

Introduction

Recently, there was a vulnerability affecting a feature used by some chains built on the Cosmos EVM stack. Working together with ecosystem partners and affected teams, particularly Saga, B-Harvest, Mantra, Zellic and Sherlock, Cosmos Labs investigated the issue, coordinated mitigations, developed a permanent fix, and issued a patch to affected chains.

We appreciate the collaboration of the teams who assisted during the investigation and response process and thank our ecosystem partners for their support in coordinating mitigation and validation efforts.


Remediation Summary

On January 21, 2026, Cosmos Labs was notified of suspicious activity on a network running the affected implementation. The issue resulted in financial loss on the Saga EVM network.

After confirming the vulnerability, Cosmos Labs coordinated with the affected chain team and ecosystem partners to investigate the issue, deploy mitigations, and assist other chains running the affected code.

Cosmos Labs contacted chains known to be running versions containing the affected component to verify their configurations and support mitigation where necessary. At the time of publication, all known affected chains have either applied mitigations or upgraded to a patched version.


Root Cause

The vulnerability was caused by incorrect state handling during nested EVM execution paths involving the ICS20 precompile.

Under certain execution conditions, state updates performed during recursive calls were not correctly reflected in the outer execution context. This could allow repeated use of the same token balance within a single transaction.


Mitigation

As an immediate mitigation, chains were advised to disable the ICS20 precompile through a coordinated upgrade.

Cosmos Labs assisted ecosystem teams in verifying whether their chains were affected and in applying the mitigation where required.

  • 15 chains were identified as running code containing the issue
  • 6 chains did not have the affected feature enabled
  • The remaining chains implemented the mitigation before exploitation occurred
  • 1 chain experienced an exploit prior to mitigation

Long-Term Fix

A permanent fix was implemented to ensure state consistency across nested EVM execution paths. The patch was distributed privately to affected teams for validation and later released publicly.

The fix is included in v0.6.0.


Am I Affected?

Chains may be affected if they:

  • Run versions of the Cosmos EVM stack that include the ICS20 precompile implementation
  • Have the ICS20 precompile enabled
  • Have not upgraded to v0.6.0 or applied the mitigation

Chains that have upgraded to v0.6.0 or have disabled the ICS20 precompile are not vulnerable to this issue.

If you are unsure whether your chain is affected, please contact:

security@cosmoslabs.io


Timeline

July 2024

The code containing the vulnerability was introduced upstream.

January 21, 2026

A network running the affected implementation experienced an exploit. The incident resulted in an estimated loss of approximately $7M on that network.

January 21, 2026

Cosmos Labs was notified of the potential vulnerability and began investigating.

January 21–22, 2026

The issue was reproduced and an initial mitigation was identified.

Late January 2026

Root cause analysis was conducted and a long-term fix was developed.

Early February 2026

The fix was validated internally and shared privately with affected ecosystem teams for review and testing.

Mid February 2026

Patches and mitigation guidance were distributed to chains running affected code.

March 2026

The permanent fix was released publicly as part of v0.6.0.


Acknowledgements

We would like to thank the teams and security partners who collaborated with us during the investigation and remediation process, including contributors from:

  • Saga
  • B-Harvest
  • Mantra
  • Zellic
  • Sherlock

Their collaboration and responsiveness helped accelerate investigation, validation of the fix, and coordinated mitigation across affected chains.


Strengthening Security Processes

Following this incident, Cosmos Labs is implementing several improvements to further strengthen the security of the Cosmos EVM stack, including:

  • Expanded fuzz testing focused on complex execution paths
  • Additional auditing of state management logic across EVM integrations
  • Improvements to testing frameworks for precompile functionality
  • Continued collaboration with ecosystem security partners
  • Increased our bug bounty payouts for our security program

These improvements are designed to reduce the likelihood of similar issues and ensure that teams building on the Cosmos stack can continue to rely on secure and well-tested infrastructure.


Disclosure and Coordination

Cosmos Labs coordinated with ecosystem partners and affected teams to investigate the issue, validate mitigations, and distribute the permanent fix prior to public disclosure.

We appreciate the collaboration of ecosystem teams who assisted with investigation, validation, and responsible remediation of this issue.


Responsible Disclosure

Cosmos Labs encourages responsible disclosure of potential vulnerabilities.

Security researchers who discover a potential issue are encouraged to report it privately so it can be investigated and addressed responsibly.

Reports can be submitted to:

security@cosmoslabs.io

Information about Cosmos Labs security programs and responsible disclosure practices, including bug bounty opportunities, will be made available through Cosmos Labs security channels, which can be signed up for here.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cosmos/evm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T14:53:51Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "**Advisory ID:** ASA-2026-002\n\n**Component:** ICS20 Precompile\n\n**Status:** Resolved\n\n**Published:** March 2026\n\n**Contact:** [security@cosmoslabs.io](mailto:security@cosmoslabs.io)\n\n---\n\n# Security Advisory ASA-2026-002\n\n**Status: Resolved. A patch is available and all known affected chains have either applied mitigations or [upgraded](https://github.com/cosmos/evm/releases/tag/v0.6.0).**\n\n| Field | Value |\n| --- | --- |\n| **Severity** | Critical |\n| **Affected Component** | ICS20 Precompile |\n| **Affected Versions** | Cosmos EVM implementations including the ICS20 precompile |\n| **Patched Version** | [v0.6.0](https://github.com/cosmos/evm/releases/tag/v0.6.0) |\n| **First Reported** | January 21, 2026 |\n| **Public Disclosure** | March 2026 |\n\n---\n\n## Introduction\n\nRecently, there was a vulnerability affecting a feature used by some chains built on the Cosmos EVM stack.  Working together with ecosystem partners and affected teams, particularly Saga, B-Harvest, Mantra, Zellic and Sherlock, Cosmos Labs  investigated the issue, coordinated mitigations, developed a permanent fix, and issued a patch to affected chains.\n\nWe appreciate the collaboration of the teams who assisted during the investigation and response process and thank our ecosystem partners for their support in coordinating mitigation and validation efforts.\n\n---\n\n## Remediation Summary\n\nOn January 21, 2026, Cosmos Labs was notified of suspicious activity on a network running the affected implementation. The issue resulted in financial loss on the Saga EVM network.\n\nAfter confirming the vulnerability, Cosmos Labs coordinated with the affected chain team and ecosystem partners to investigate the issue, deploy mitigations, and assist other chains running the affected code.\n\nCosmos Labs contacted chains known to be running versions containing the affected component to verify their configurations and support mitigation where necessary. At the time of publication, all known affected chains have either applied mitigations or upgraded to a patched version.\n\n---\n\n## Root Cause\n\nThe vulnerability was caused by incorrect state handling during nested EVM execution paths involving the ICS20 precompile.\n\nUnder certain execution conditions, state updates performed during recursive calls were not correctly reflected in the outer execution context. This could allow repeated use of the same token balance within a single transaction.\n\n---\n\n## Mitigation\n\nAs an immediate mitigation, chains were advised to disable the ICS20 precompile through a coordinated upgrade.\n\nCosmos Labs assisted ecosystem teams in verifying whether their chains were affected and in applying the mitigation where required.\n\n- 15 chains were identified as running code containing the issue\n- 6 chains did not have the affected feature enabled\n- The remaining chains implemented the mitigation before exploitation occurred\n- 1 chain experienced an exploit prior to mitigation\n\n---\n\n## Long-Term Fix\n\nA permanent fix was implemented to ensure state consistency across nested EVM execution paths. The patch was distributed privately to affected teams for validation and later released publicly.\n\nThe fix is included in **[v0.6.0](https://github.com/cosmos/evm/releases/tag/v0.6.0)**.\n\n---\n\n## Am I Affected?\n\nChains may be affected if they:\n\n- Run versions of the Cosmos EVM stack that include the ICS20 precompile implementation\n- Have the ICS20 precompile enabled\n- Have not upgraded to **v0.6.0** or applied the mitigation\n\nChains that have upgraded to **v0.6.0** or have disabled the ICS20 precompile are **not vulnerable to this issue**.\n\nIf you are unsure whether your chain is affected, please contact:\n\n**[security@cosmoslabs.io](mailto:security@cosmoslabs.io)**\n\n---\n\n## Timeline\n\n**July 2024**\n\nThe code containing the vulnerability was introduced upstream.\n\n**January 21, 2026**\n\nA network running the affected implementation experienced an exploit. The incident resulted in an estimated loss of approximately **$7M** on that network.\n\n**January 21, 2026**\n\nCosmos Labs was notified of the potential vulnerability and began investigating.\n\n**January 21\u201322, 2026**\n\nThe issue was reproduced and an initial mitigation was identified.\n\n**Late January 2026**\n\nRoot cause analysis was conducted and a long-term fix was developed.\n\n**Early February 2026**\n\nThe fix was validated internally and shared privately with affected ecosystem teams for review and testing.\n\n**Mid February 2026**\n\nPatches and mitigation guidance were distributed to chains running affected code.\n\n**March 2026**\n\nThe permanent fix was released publicly as part of **v0.6.0**.\n\n---\n\n## Acknowledgements\n\nWe would like to thank the teams and security partners who collaborated with us during the investigation and remediation process, including contributors from:\n\n- Saga\n- B-Harvest\n- Mantra\n- Zellic\n- Sherlock\n\nTheir collaboration and responsiveness helped accelerate investigation, validation of the fix, and coordinated mitigation across affected chains.\n\n---\n\n## Strengthening Security Processes\n\nFollowing this incident, Cosmos Labs is implementing several improvements to further strengthen the security of the Cosmos EVM stack, including:\n\n- Expanded fuzz testing focused on complex execution paths\n- Additional auditing of state management logic across EVM integrations\n- Improvements to testing frameworks for precompile functionality\n- Continued collaboration with ecosystem security partners\n- Increased our bug bounty payouts for our [security program](https://hackerone.com/cosmos)\n\nThese improvements are designed to reduce the likelihood of similar issues and ensure that teams building on the Cosmos stack can continue to rely on secure and well-tested infrastructure.\n\n---\n\n## Disclosure and Coordination\n\nCosmos Labs coordinated with ecosystem partners and affected teams to investigate the issue, validate mitigations, and distribute the permanent fix prior to public disclosure.\n\nWe appreciate the collaboration of ecosystem teams who assisted with investigation, validation, and responsible remediation of this issue.\n\n---\n\n## Responsible Disclosure\n\nCosmos Labs encourages responsible disclosure of potential vulnerabilities.\n\nSecurity researchers who discover a potential issue are encouraged to report it privately so it can be investigated and addressed responsibly.\n\nReports can be submitted to:\n\n**[security@cosmoslabs.io](mailto:security@cosmoslabs.io)**\n\nInformation about Cosmos Labs security programs and responsible disclosure practices, including bug bounty opportunities, will be made available through Cosmos Labs security channels, which can be signed up for [here](https://docs.google.com/forms/d/1Ae6ruTAw9zRoeN0xFxNbTfS-xCFdO68NGRsyFAeWHMc/edit).",
  "id": "GHSA-54gx-3cgr-7mfm",
  "modified": "2026-03-11T14:53:51Z",
  "published": "2026-03-11T14:53:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/evm/security/advisories/GHSA-54gx-3cgr-7mfm"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cosmos/evm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cosmos/evm/releases/tag/v0.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Cosmos EVM: incorrect state handling during nested EVM execution paths"
}

GHSA-55CG-V6GQ-M3WM

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-03 00:30
VLAI
Details

Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26841"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-55cg-v6gq-m3wm",
  "modified": "2023-03-03T00:30:44Z",
  "published": "2023-02-16T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26841"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-574Q-W5VP-7FM6

Vulnerability from github – Published: 2024-04-06 12:30 – Updated: 2024-04-06 12:30
VLAI
Details

A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670",
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-06T12:15:08Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability.",
  "id": "GHSA-574q-w5vp-7fm6",
  "modified": "2024-04-06T12:30:56Z",
  "published": "2024-04-06T12:30:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3376"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.259497"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.259497"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.311154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59JP-FJJ9-MP2M

Vulnerability from github – Published: 2023-02-16 21:30 – Updated: 2023-03-06 21:30
VLAI
Details

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27808"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-16T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-59jp-fjj9-mp2m",
  "modified": "2023-03-06T21:30:19Z",
  "published": "2023-02-16T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27808"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00761.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5FQF-3HPP-7G3X

Vulnerability from github – Published: 2023-04-20 15:30 – Updated: 2024-04-04 03:36
VLAI
Details

An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-29609"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-20T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.",
  "id": "GHSA-5fqf-3hpp-7g3x",
  "modified": "2024-04-04T03:36:55Z",
  "published": "2023-04-20T15:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29609"
    },
    {
      "type": "WEB",
      "url": "https://wiki.onosproject.org/display/ONOS/Intent+Framework"
    },
    {
      "type": "WEB",
      "url": "https://www.usenix.org/system/files/sec23fall-prepub-285_kim-jiwon.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5G37-XX8Q-6W6X

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-02-15 21:31
VLAI
Details

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3011"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-07T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).",
  "id": "GHSA-5g37-xx8q-6w6x",
  "modified": "2024-02-15T21:31:25Z",
  "published": "2022-05-24T17:38:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3011"
    },
    {
      "type": "WEB",
      "url": "https://ninjalab.io/a-side-journey-to-titan"
    },
    {
      "type": "WEB",
      "url": "https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.