Hydra Security Vulnerabilities

cve

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

4.6 CVSS

7 AI Score

0.0004 EPSS

2024-04-22 11:15 PM

cve

CVE-2023-42449

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy, which then results in a flawed...

8.1 CVSS

7.9 AI Score

0.001 EPSS

2023-10-04 08:15 PM

cve

CVE-2023-38701

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and...

9.1 CVSS

9.2 AI Score

0.001 EPSS

2023-10-04 07:15 PM

cve

CVE-2023-42448

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to...

8.1 CVSS

7.8 AI Score

0.001 EPSS

2023-10-04 07:15 PM

cve

CVE-2023-42806

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsf{cid}$ allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state...

6.5 CVSS

6.3 AI Score

0.001 EPSS

2023-09-21 05:15 PM

cve

CVE-2013-2343

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka...

7.7 AI Score

0.787 EPSS

2022-10-03 04:15 PM

cve

CVE-2020-5300

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion jti: "A unique identifier for the token, which can be used...

5.8 CVSS

5.2 AI Score

0.001 EPSS

2020-04-06 05:15 PM

cve

CVE-2019-17502

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2019-10-12 08:15 PM

cve

CVE-2019-8400

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-02-17 06:29 AM