84 matches found
CVE-2022-31020
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
EUVD-2020-28748
Malware in sbrugna...
EUVD-2020-0087
Malware in sbrugna...
EUVD-2022-0124
Malicious code in bioql PyPI...
EUVD-2022-0125
Malicious code in bioql PyPI...
CVE-2022-31006
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...
CVE-2020-11090
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...
CVE-2020-11093
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is a lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request
Name: Updating a DID with a nym transaction will be written to the ledger if neither ROLE nor VERKEY is being changed, regardless of sender. Description: A malicious DID with no particular role can request an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PyPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: ledger-rest-api-dev =0.1.9, =0.1.10. Source CVEs: CVE-2020-11093. Source advisory: OSV:GHSA-WH2W-39F4-RPV2...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-21670 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-21670 Source advisory: OSV:GHSA-R78F-4Q2Q-HVV4...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-22192 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-22192 Source advisory: OSV:GHSA-6698-MHXX-R84G...
Hyperledger: [indy_node] POOL_UPGRADE command injection, Trustee Node can execute command in any other Node's system.
Vulnerability description not provided...
Hyperledger: POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.
This issue is related to https://github.com/hyperledger/indy-node. The issue was found in the indy-node code that handles the write request of type POOL_UPGRADE in file indy-node/indy_node/server/request_handlers/config_req_handlers/pool_upgrade_handler.py. The additional_dynamic_validation function...
GHSA-X996-7QH9-7FF7 Hyperledger indy-node vulnerable to denial of service
Impact: An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose. The ledger content will not be impacted by the attack, and the ledger will...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PyPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: ledger-rest-api-dev =0.1.9, =0.1.10. Source CVEs: CVE-2022-31006. Source advisory: OSV:GHSA-X996-7QH9-7FF7...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31006 via indy-node (=1.0.28)
indy-node PyPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: ledger-rest-api-dev =0.1.9, =0.1.10. Source CVEs: CVE-2022-31006. Source advisory: OSV:PYSEC-2022-270...