
223 matches found

OSV
added 2024/07/18 7:22 p.m. | 10 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01612
Exploits: 0 | References: 5

OSV
added 2024/07/18 7:22 p.m. | 10 views

BIT-HYPERLEDGER-FABRIC-PEER-2022-31121 Improper Input Validation in fabric hyperledger

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01612
Exploits: 0 | References: 5

OSV
added 2024/07/18 7:21 p.m. | 13 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

CVSS 7 | AI score 5.7 | EPSS 0.00912
Exploits: 0 | References: 6

OSV
added 2024/07/18 7:21 p.m. | 11 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-36023 Remote denial of service in Hyperledger Fabric Gateway

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

CVSS 7 | AI score 5.7 | EPSS 0.00912
Exploits: 0 | References: 6

OSV
added 2024/07/18 7:21 p.m. | 17 views

BIT-HYPERLEDGER-FABRIC-PEER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...

CVSS 7 | AI score 5.7 | EPSS 0.00912
Exploits: 0 | References: 6

OSV
added 2024/07/18 7:21 p.m. | 14 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2022-45196

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

CVSS 7.5 | AI score 7.2 | EPSS 0.00797
Exploits: 1 | References: 3

OSV
added 2024/07/18 7:21 p.m. | 10 views

BIT-HYPERLEDGER-FABRIC-PEER-2022-45196

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

CVSS 7.5 | AI score 7.2 | EPSS 0.00797
Exploits: 1 | References: 3

OSV
added 2024/07/18 7:21 p.m. | 17 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-45196

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

CVSS 7.5 | AI score 7.2 | EPSS 0.00797
Exploits: 1 | References: 3

OSV
added 2024/07/18 7:21 p.m. | 12 views

BIT-HYPERLEDGER-FABRIC-TOOLS-2023-46132 Crosslinking transaction attack in hyperledger/fabric

Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...

CVSS 7.1 | AI score 6.5 | EPSS 0.00519
Exploits: 1 | References: 2

OSV
added 2024/07/18 7:21 p.m. | 18 views

BIT-HYPERLEDGER-FABRIC-PEER-2023-46132 Crosslinking transaction attack in hyperledger/fabric

Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...

CVSS 7.1 | AI score 6.5 | EPSS 0.00519
Exploits: 1 | References: 2

OSV
added 2024/07/18 7:21 p.m. | 12 views

BIT-HYPERLEDGER-FABRIC-ORDERER-2023-46132 Crosslinking transaction attack in hyperledger/fabric

Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...

CVSS 7.1 | AI score 6.5 | EPSS 0.00519
Exploits: 1 | References: 2

Hacker One
added 2024/04/19 4:38 p.m. | 37 views

Hyperledger: Code exec on Github runner via Pull request name

A command injection vulnerability was discovered in the GitHub Actions workflow of the Hyperledger Cacti repository. The vulnerability allowed an attacker to inject arbitrary commands and execute them on the GitHub runner by crafting a malicious pull request title. The vulnerability was present i...

AI score 7.9
Exploits: 0

vulnersOsv
added 2024/03/27 9:57 p.m. | 5 views

@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +19 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.2-dev.a2a232f.0 <=4.2.1-dev.9d65c38.0)

web3-utils NPM version =4.0.2-dev.a2a232f.0, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00712
Exploits: 0

Hacker One
added 2024/03/11 12:54 a.m. | 49 views

Hyperledger: Docker Secret Disclosure via GitHub Actions Cache Poisoning

The vulnerability involved the disclosure of Docker secrets through GitHub Actions cache poisoning. The issue was reported and subsequently resolved...

AI score 7
Exploits: 0

vulnersOsv
added 2024/02/05 10:0 p.m. | 9 views

@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +20 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.0-alpha.1 <=4.2.1-dev.9d65c38.0)

web3-utils NPM version =4.0.0-alpha.1, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00712
Exploits: 0

CNVD
added 2024/01/26 12:0 a.m. | 8 views

Hyperledger Ursa Information Disclosure Vulnerability

Hyperledger Ursa is a cryptographic library open-sourced by Hyperledger for use with the blockchain. Hyperledger Ursa suffers from an information disclosure vulnerability that is caused by a flaw in the dangling scheme in the CL Signatures implementation. An attacker could exploit the vulnerabili...

CVSS 6.5 | AI score 6 | EPSS 0.00317
Exploits: 0 | References: 1

Prion
added 2024/01/16 10:15 p.m. | 15 views

Design/Logic Flaw

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

CVSS 5 | AI score 7.1 | EPSS 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2024/01/16 9:35 p.m. | 47 views

CVE-2022-31021

CVE-2022-31021 concerns Ursa/AnonCreds CL-Signatures: a weakness where the issuer’s key correctness proof is not published, potentially enabling weakened private keys that could allow verifiers to link presentations to the issuer. The issue applies to the CL-Signatures implementations used in Urs...

CVSS 5.3 | AI score 5.2 | EPSS 0.00428
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2024/01/16 9:35 p.m. | 36 views

CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...

CVSS 3.3 | AI score 5.5 | EPSS 0.00428
Exploits: 1 | References: 4

Github Security Blog
added 2024/01/16 9:13 p.m. | 48 views

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks prime strength checking. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...

CVSS 5.3 | AI score 6.8 | EPSS 0.00428
Exploits: 1 | References: 5 | Affected Software: 2