Lucene search
K

12 matches found

vulnersOsv
vulnersOsv
added 2026/05/07 6:41 a.m.12 views

com.baoquan:verax-sdk (=1.0.0), com.easypayx:easypay-blockchain-java-sdk (>=1.0.0 <=1.0.4) +21 more potentially affected by CVE-2026-41586 via org.hyperledger.fabric-sdk-java:fabric-sdk-java (>=1.0.1 <=2.2.8)

org.hyperledger.fabric-sdk-java:fabric-sdk-java MAVEN version =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.1, =1.0.0, =1.0.0, =1.0, =3.16.1, =1.2.0, =1.3.0, =0.10.1, =014.1 and more Source cves: CVE-2026-41586 Source advisory: SNYK:JAVA-ORGHYPERLEDGERFABRICSDKJAVA-16439197...

9.3CVSS5.8AI score0.0041EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 6:41 a.m.8 views

Deserialization of Untrusted Data

Overview org.hyperledger.fabric-sdk-java:fabric-sdk-java is a Java SDK for Hyperledger Fabric. Deprecated as of Fabric v2.5, replaced by org.hyperledger.fabric:fabric-gateway. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deSerializeChannel...

9.8CVSS6.3AI score0.0041EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 5:12 a.m.71 views

CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3CVSS0.0041EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 5:12 a.m.30 views

CVE-2026-41586

CVE-2026-41586 affects Hyperledger Fabric’s deprecated fabric-sdk-java (Channel.java) where readObject() is invoked on untrusted bytes without an ObjectInputFilter, enabling Java deserialization RCE. Exploitation requires crafted serialized Channel data processed by deSerializeChannel(), with hig...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/29 8:41 p.m.7 views

com.baoquan:verax-sdk (=1.0.0), com.easypayx:easypay-blockchain-java-sdk (>=1.0.0 <=1.0.4) +21 more potentially affected by CVE-2026-41586 via org.hyperledger.fabric-sdk-java:fabric-sdk-java (>=1.0.1 <=2.2.26)

org.hyperledger.fabric-sdk-java:fabric-sdk-java MAVEN version =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.1, =1.0.0, =1.0.0, =1.0, =3.16.1, =1.2.0, =1.3.0, =0.10.1, =0.11.5 and more Source cves: CVE-2026-41586 Source advisory: OSV:GHSA-PRF8-CF2X-RHX7...

9.3CVSS5.8AI score0.0041EPSS
Exploits0
OSV
OSV
added 2026/04/29 8:41 p.m.15 views

GHSA-PRF8-CF2X-RHX7 fabric-sdk-java has ObjectInputStream.readObject() without ObjectInputFilter, which allows Java deserialization RCE

Summary This advisory covers the deprecated fabric-sdk-java client SDK. Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without configuring an ObjectInputFilter. This is the classic Java deserialization RCE pattern...

9.3CVSS5.8AI score0.0041EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/03/10 11:31 p.m.23 views

CVE-2024-2365 Musicshelf SHA-1 PinningTrustManager.java weak password hash

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...

1.6CVSS4.2AI score0.00277EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/08/15 9:35 p.m.32 views

Hyperledger: Cross Site Scripting Vulnerability in fabric-sdk-py source code

See this fix on GitHub https://github.com/hyperledger/fabric-sdk-py/pull/175 Impact Some old affected versions of this package are vulnerable to Cross-site Scripting XSS. Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html,...

0.9AI score
Exploits0
OSV
OSV
added 2021/05/31 3:39 p.m.14 views

CWE-379 in fabric-sdk-rest version All released versions (project is now archived)

In Hyperledger fabric-sdk-rest version All released versions project is now archived a CWE-379 exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via Local resulting in File overwrite from a privileged user...

4.3AI score
Exploits0References2
OSV
OSV
added 2021/05/31 3:39 p.m.12 views

GSD-2021-1000003 CWE-379 in fabric-sdk-rest version All released versions (project is now archived)

In Hyperledger fabric-sdk-rest version All released versions project is now archived a CWE-379 exists in the packages/fabric-rest/fabric-rest-server script that can be attacked via Local resulting in File overwrite from a privileged user...

7AI score
Exploits0References2
Hacker One
Hacker One
added 2020/02/20 11:40 p.m.35 views

Hyperledger: RCE vulnerability in Hyperledger Fabric SDK for Java

Hyperledger Fabric SDK for Java version 2.0.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. In the following source code files and corresponding line number, an arbitrary file gets parsed by...

4.4AI score
Exploits0
Hacker One
Hacker One
added 2016/01/04 4:49 p.m.33 views

X (Formerly Twitter): Bypassing callback_url validation on Digits

Hi, I would like to report an issue in Digits which allows attacker to bypass the callbackurl validation of an application and thus takeover an account. Detail Digits is a part of the Fabric SDK which offers phone-based sign in. It also provides web login flow. In the navigation-based...

7AI score
Exploits0
Rows per page
Query Builder