2 matches found
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11090 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11090 Source advisory: OSV:PYSEC-2020-47...
CVE-2020-11090
Indy Node 1.12.2 contains an Uncontrolled Resource Consumption vulnerability in the TAA handling code. A malformed client transaction can crash the current primary, triggering view changes that, if repeated rapidly, may disrupt the network. The issue is fixed in version 1.12.3; users should upgra...