222 matches found
Hyperledger Ursa Security Breach
Hyperledger Ursa is a Hyperledger open source cryptographic library for use with blockchains. A security vulnerability exists in Hyperledger Ursa versions prior to 0.3 that stems from a lack of checking the correctness of CL signature issuer keys...
Hyperledger Ursa Encryption Issue Vulnerability
Hyperledger Ursa is a Hyperledger open source cryptographic library for use with the blockchain. A cryptographic issue vulnerability exists in Hyperledger Ursa version 0.1.0 that stems from allowing a malicious holder of revoked credentials to generate a valid, non-revoked proof for that credenti...
Hyperledger Ursa 加密问题漏洞
Hyperledger Ursa is a cryptographic library open-sourced by Hyperledger for use with the blockchain. Hyperledger Ursa suffers from an information disclosure vulnerability that is caused by a flaw in the dangling scheme in the CL Signatures implementation. An attacker could exploit the vulnerabili...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
Format string
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
CVE-2024-21669
Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...
CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...
GHSA-97X9-59RV-Q5PM Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Impact When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation document.proof was not factored into the final verified value true/false on the presentation record. Below is an example result from verifying a JSON-LD...
Hyperledger: CVE-2023-46132
A vulnerability was discovered in which the way transactions were hashed in Fabric blockchain blocks allowed an attacker to manipulate the transaction data while keeping the block hash unchanged. This could enable an adversary to fork the blockchain network state through malicious blocks that...
Transaction Cross Linking
Hyperledger Fabric is vulnerable to Transaction Cross Linking. The vulnerability is due to the insecure concatenation of transactions in a block, allowing an adversary to craft a cross-linked block resulting in Transaction Cross Linking...
CVE-2023-46132
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
Cross site scripting
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2023-46132
CVE-2023-46132 describes a cross-linking attack against Hyperledger Fabric blocks where transaction encodings can be manipulated without changing the block hash. The connected documents provide concrete technical details and fixes: Fabric blocks hash transactions by naive concatenation, allowing ...
CVE-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
CVE-2023-46132
creationtimestamp| type| source ---|---|--- 2023-11-14 18:01:50+00:00| published-proof-of-concept| https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m...