Cosmwasm: Security Vulnerabilities
The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-07-27
The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-07-27
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.
CVSS Score
7.5
EPSS Score
0.006
Published
2025-03-18