93 matches found

OSV
added 2026/05/11 5:40 a.m. | 8 views

BIT-HYPERLEDGER-FABRIC-PEER-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject and exposes deSerializeChannel which call ObjectInputStream.readObject on untrusted byte arrays without...

9.3 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-37132

Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions 1.0.0 through 2.2.26. Description: In the deprecated fabric-sdk-java client SDK, the Channel.java file implements readObject and exposes the deSerializeChannel function, both of which call ObjectInputStream.readObject...

9.3 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits 0 | References 11

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-3042

Malicious code in bioql PyPI...

7.1 CVSS | 6.7 AI score | 0.00179 EPSS
Exploits 1 | References 9

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-5370

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00545 EPSS
Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-0123

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.0028 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-6271

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00653 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-7152

Malicious code in bioql PyPI...

7 CVSS | 5.5 AI score | 0.00749 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-2485

Malicious code in bioql PyPI...

5.3 CVSS | 6.3 AI score | 0.00605 EPSS
Exploits 0 | References 3

Packet Storm News
added 2025/06/03 12:0 a.m. | 2 views

Decentralized COVID-19 Health System Leveraging Blockchain

With the development of the Internet, the amount of data generated by the medical industry each year has grown exponentially. The Electronic Health Record (EHR) manages the electronic data generated during the user's treatment process. Typically, an EHR data manager belongs to a medical institution...

6.9 AI score
Exploits 0

RedhatCVE
added 2025/05/23 3:54 a.m. | 6 views

CVE-2023-46132

Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...

7.1 CVSS | 6.8 AI score | 0.00179 EPSS
Exploits 1

RedhatCVE
added 2025/05/23 12:16 a.m. | 4 views

CVE-2022-45196

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

7.5 CVSS | 6.6 AI score | 0.0028 EPSS
Exploits 1 | References 1

Packet Storm News
added 2025/04/18 12:0 a.m. | 2 views

A Blockchain-Based Approach for Secure and Transparent E-Faktur Issuance in Indonesia's VAT Reporting System

The implementation of blockchain technology in tax administration offers promising improvements in security, transparency, and efficiency. This paper presents the design of a blockchain-based e-Faktur system aimed at addressing the challenges of issuing and verifying tax invoices within Indonesia...

7 AI score
Exploits 0

Packet Storm News
added 2025/04/17 12:0 a.m. | 0 views

Adversary-Augmented Simulation for Fairness Evaluation and Defense in Hyperledger Fabric

This paper presents an adversary model and a simulation framework specifically tailored for analyzing attacks on distributed systems composed of multiple distributed protocols, with a focus on assessing the security of blockchain networks. Our model classifies and constrains adversarial actions...

7 AI score
Exploits 0

IBM Security Bulletins
added 2025/03/18 6:12 a.m. | 7 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283

Summary: parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details: CVEID: CVE-2025-25283. DESCRIPTION: parse-duration is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...

7.5 CVSS | 6.2 AI score | 0.00117 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/02/15 9:54 a.m. | 29 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2024-52798

Summary: path-to-regexp-0.1.10.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details: CVEID: CVE-2024-52798. DESCRIPTION: path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to...

8.7 CVSS | 7.4 AI score | 0.00293 EPSS
Exploits 0 | Affected Software 1

RedhatCVE
added 2025/02/05 10:39 p.m. | 5 views

CVE-2022-36023

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

7 CVSS | 6.7 AI score | 0.00749 EPSS
Exploits 0 | References 1

OSV
added 2024/09/13 7:6 a.m. | 12 views

BIT-HYPERLEDGER-FABRIC-PEER-2024-45244

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...

5.3 CVSS | 6.1 AI score | 0.00605 EPSS
Exploits 0 | References 4

OSV
added 2024/09/13 7:6 a.m. | 11 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2024-45244

Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...

5.3 CVSS | 6.1 AI score | 0.00605 EPSS
Exploits 0 | References 4

OSV
added 2024/08/30 5:18 p.m. | 21 views

GO-2024-3099 Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric

Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric...

5.3 CVSS | 5 AI score | 0.00605 EPSS
Exploits 0 | References 3

GitHub Security Blog
added 2024/08/25 3:30 a.m. | 17 views

Hyperledger Fabric does not verify request has a timestamp within the expected time window

Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...

5.3 CVSS | 6.8 AI score | 0.00605 EPSS
Exploits 0 | References 5 | Affected Software 1