{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T02:26:41.104","vulnerabilities":[{"cve":{"id":"CVE-2021-41135","sourceIdentifier":"security-advisories@github.com","published":"2021-10-20T18:15:07.807","lastModified":"2024-11-21T06:25:33.550","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includes a user-defined expiration time for when the authorization grant expires. In Grant.ValidateBasic(), that time is compared to the node’s local clock time. Any chain running an affected version of the SDK with the authz module enabled could be halted by anyone with the ability to send transactions on that chain. Recovery would require applying the patch and rolling back the latest block. Users are advised to update to version 0.44.2."},{"lang":"es","value":"Cosmos-SDK es un marco de trabajo para construir aplicaciones blockchain en Golang. Las versiones afectadas del SDK eran vulnerables a una interrupción del consenso debido a un comportamiento no determinista en un método ValidateBasic del módulo x/authz. El MsgGrant del módulo x/authz contiene un campo Grant que incluye un tiempo de expiración definido por el usuario para cuando la concesión de autorización expira. En Grant.ValidateBasic(), esa hora se compara con la hora del reloj local del nodo. Cualquier cadena que ejecute una versión afectada del SDK con el módulo authz habilitado podría ser detenida por cualquier persona con la capacidad de enviar transacciones en esa cadena. Una recuperación requeriría aplicar el parche y hacer retroceder el último bloque. Se recomienda usuarios actualizar a la versión 0.44.2"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:interchain:cosmos_sdk:*:*:*:*:*:*:*:*","versionStartIncluding":"0.43.0","versionEndExcluding":"0.44.2","matchCriteriaId":"F574CC28-3488-4477-91CB-B934EA767B87"}]}]}],"references":[{"url":"https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://forum.cosmos.network/t/cosmos-sdk-vulnerability-retrospective-security-advisory-jackfruit-october-12-2021/5349","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/cosmos/cosmos-sdk/commit/68ab790a761e80d3674f821794cf18ccbfed45ee","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/cosmos/cosmos-sdk/security/advisories/GHSA-2p6r-37p9-89p2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}