222 matches found
CVE-2022-36023
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...
BIT-HYPERLEDGER-FABRIC-TOOLS-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
BIT-HYPERLEDGER-FABRIC-PEER-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
BIT-HYPERLEDGER-FABRIC-ORDERER-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
Hyperledger Indy's update process of a DID does not check who signs the request
Name: Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. Description: A malicious DID with no particular role can ask for an update to another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...
GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request
Name: Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. Description: A malicious DID with no particular role can ask for an update to another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...
GO-2024-3099 Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric
Hyperledger Fabric does not verify request has a timestamp within the expected time window in github.com/hyperledger/fabric...
Improper Authorization
github.com/hyperledger/fabric is vulnerable to Improper Authorization. The vulnerability is due to the improper verification of timestamp authenticity within the request handling process. An attacker can manipulate the timestamp to bypass security controls by sending a crafted request with a...
GHSA-48GG-32Q2-4R6M Hyperledger Fabric does not verify request has a timestamp within the expected time window
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
CVE-2024-45244
Hyperledger Fabric (versions up to 3.0.0 and 2.5.x up to 2.5.9) is documented to fail to verify that a request’s timestamp falls within the expected time window. The vulnerability affects the timestamp validation path in Fabric’s request handling, enabling possible manipulation of timestamps to b...
Hyperledger Fabric Security Vulnerability
Hyperledger Fabric is an enterprise-licensed distributed ledger framework open-sourced by Hyperledger. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.5.9 that stems from an inability to verify that a request is timestamped within...
PT-2024-31501 · Hyperledger · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions 2.5.0 through 2.5.9 Description: The issue is related to Hyperledger Fabric not verifying that a request has a timestamp within the expected time window. This problem can be exploited due to the lack of proper...
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...