Add reference to ACMv1 in recent advisories

CosmWasm · Aug 21, 2024 · e15db69 · e15db69
1 parent be40bfc
commit e15db69
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 7 deletions.
diff --git a/CWAs/CWA-2024-001.md b/CWAs/CWA-2024-001.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-Low
+Low[^1]
 
 **Affected versions:** serde-json-wasm < 1.0.1, < 0.5.2
 **Patched versions:** serde-json-wasm 1.0.1, 0.5.2
@@ -38,3 +38,5 @@ program by reporting a bug, please see <https://hackerone.com/cosmos>.
 - 2024-01-24: [Submitted to](https://github.com/rustsec/advisory-db/pull/1867) RustSec Advisory Database
 - 2024-02-01: Advisory published
 - 2024-02-09: RustSec Advisory Database entry created ([RUSTSEC-2024-0012](https://rustsec.org/advisories/RUSTSEC-2024-0012.html))
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/CWA-2024-002.md b/CWAs/CWA-2024-002.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-Medium
+Medium[^1]
 
 **Affected versions:**
 
@@ -47,3 +47,5 @@ Affected if `overflow-checks = true` is not set:
 - 2024-04-22: The upcoming patch is announced through the CosmWasm advisories notification list and publicly on X (https://twitter.com/CosmWasm/status/1782439624608030771).
 - 2024-04-24: The patch is released.
 - 2024-04-24: RustSec Advisory Database entry created ([RUSTSEC-2024-0338](https://rustsec.org/advisories/RUSTSEC-2024-0338.html))
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/CWA-2024-003.md b/CWAs/CWA-2024-003.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-Low (Moderate + Unlikely)
+Low (Moderate + Unlikely)[^1]
 
 **Affected versions:**
 
@@ -75,3 +75,5 @@ program by reporting a bug, please see <https://hackerone.com/cosmos>.
 - 2024-04-21: Bug reported via Cosmos HackerOne
 - 2024-04-25: A patch was created internally
 - 2024-07-11: The patch is published and released with wasmd 0.52
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/CWA-2024-004.md b/CWAs/CWA-2024-004.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-Medium (Moderate + Likely)
+Medium (Moderate + Likely)[^1]
 
 **Affected versions:**
 
@@ -63,3 +63,5 @@ program by reporting a bug, please see <https://hackerone.com/cosmos>.
 - 2024-08-02: Confio developed the patch internally.
 - 2024-08-08: Patch released
 - 2024-08-08: Updated patched versions to ones that will invalidate the cache
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/CWA-2024-005.md b/CWAs/CWA-2024-005.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-High (Critical + Likely)
+High (Critical + Likely)[^1]
 
 **Affected versions:**
 
@@ -46,3 +46,5 @@ program by reporting a bug, please see <https://hackerone.com/cosmos>.
 - 2024-08-19: Patch release announced though notifications list.
 - 2024-08-20: Patch release announced on X: <https://x.com/CosmWasm/status/1825814580217381334>.
 - 2024-08-21: Patch released.
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/CWA-2024-006.md b/CWAs/CWA-2024-006.md
@@ -2,7 +2,7 @@
 
 **Severity**
 
-Medium (Moderate + Likely)
+Medium (Moderate + Likely)[^1]
 
 **Affected versions:**
 
@@ -61,3 +61,5 @@ program by reporting a bug, please see <https://hackerone.com/cosmos>.
 - 2024-08-19: Patch release announced though notifications list.
 - 2024-08-20: Patch release announced on X: <https://x.com/CosmWasm/status/1825814580217381334>.
 - 2024-08-21: Patch released.
+
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
diff --git a/CWAs/README.md b/CWAs/README.md
@@ -67,6 +67,6 @@
 [CWA-2021-002]: ./CWA-2021-002.md
 [CWA-2021-001]: ./CWA-2021-001.md
 
-[^1]: following Amulet's Severity Classification Framework: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
+[^1]: following Amulet's Severity Classification Framework ACMv1: https://github.com/interchainio/security/blob/e0227a1fb4059144aab4f6003eeee7f09912db3a/resources/CLASSIFICATION_MATRIX.md
 
 [^2]: Contracts: everything compiled into Wasm (comswasm-std, other contract libraries); VM: everything executing contracts (cosmwasm-vm, wasmvm); x/wasm: integration of the VM into the chain (wasmd)