48 matches found
CVE-2022-31020
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
EUVD-2020-0087
Malware in sbrugna...
EUVD-2022-0124
Malicious code in bioql PyPI...
CVE-2022-31006
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2020-11090
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:GHSA-WH2W-39F4-RPV2...
Hyperledger: POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
This issue is related to the https://github.com/hyperledger/indy-node. The issue was found in the indy-node code that handles the write request of type POOLUPGRADE in file indy-node/indynode/server/requesthandlers/configreqhandlers/poolupgradehandler.py. The additionaldynamicvalidation function...
GHSA-X996-7QH9-7FF7 Hyperledger indy-node vulnerable to denial of service
Impact An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose. The ledger content will not be impacted by the attack, and the ledger will...
Hyperledger indy-node vulnerable to denial of service
Impact An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose. The ledger content will not be impacted by the attack, and the ledger will...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:GHSA-X996-7QH9-7FF7...
CVE-2022-31006
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31006 Source advisory: OSV:PYSEC-2022-270...
Code injection
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
PYSEC-2022-270
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2022-31006 Hyperledger Indy DOS vulnerability
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2022-31006 Hyperledger Indy DOS vulnerability
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2022-31006
CVE-2022-31006 affects Hyperledger Indy’s indy-node server. In vulnerable versions, an attacker can exhaust the ledger’s allowed client connections, causing a denial of service where the ledger remains functionally operable but unavailable to others until the attack ends. The impact is availabili...
PT-2022-20453 · Indy Node · Indy Node
Name of the Vulnerable Software and Affected Versions: indy-node affected versions not specified Description: The issue allows an attacker to max out the number of client connections allowed by the ledger, leaving it unable to be used for its intended purpose. However, the ledger content will not...
Indy Node 资源管理错误漏洞
Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States. Built specifically for decentralized identities. Indy Node suffers from a resource management error vulnerability that stems from the fact that an attacker can use the guidance provided in the...
CVE-2022-31020
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...