{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:10:39.826","vulnerabilities":[{"cve":{"id":"CVE-2022-36061","sourceIdentifier":"security-advisories@github.com","published":"2022-09-06T21:15:08.633","lastModified":"2024-11-21T07:12:17.653","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Elrond go is the go implementation for the Elrond Network protocol. In versions prior to 1.3.35, read only calls between contracts can generate smart contracts results. For example, if contract A calls in read only mode contract B and the called function will make changes upon the contract's B state, the state will be altered for contract B as if the call was not made in the read-only mode. This can lead to some effects not designed by the original smart contracts programmers. This issue was patched in version 1.3.35. There are no known workarounds."},{"lang":"es","value":"Elrond go es la implementación go para el protocolo de la Red Elrond. En versiones anteriores a la 1.3.35, las llamadas de sólo lectura entre contratos pueden generar resultados de contratos inteligentes. Por ejemplo, si el contrato A llama en modo de sólo lectura al contrato B y la función llamada realiza cambios sobre el estado del contrato B, el estado será alterado para el contrato B como si la llamada no fuera realizada en modo de sólo lectura. Esto puede conllevar a algunos efectos no diseñados por los programadores de los contratos inteligentes originales. Este problema fue parcheado en versión 1.3.35. No se presentan mitigaciones conocidas.\n"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-665"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elrond:elrond_go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.35","matchCriteriaId":"56E3CD21-6971-4E78-86B7-769469400236"}]}]}],"references":[{"url":"https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/ElrondNetwork/elrond-go/blob/8e402fa6d7e91e779980122d3798b2bf50892945/integrationTests/vm/txsFee/asyncESDT_test.go#L452","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ElrondNetwork/elrond-go/releases/tag/v1.3.35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-mv8x-668m-53fg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}