47 matches found
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31020 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31020 Source advisory: OSV:PYSEC-2022-265...
Remote code execution
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
PYSEC-2022-265
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
PYSEC-2022-265
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-31020
Hyperledger Indy-Node (server portion of the Indy ledger) contains a remote code execution vulnerability in the pool-upgrade request handler for versions ≤ 1.12.4. An attacker could remotely execute code on nodes in the network due to improper authentication of pool-upgrade transactions. Indy-Nod...
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
Indy Node 输入验证错误漏洞
Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States. Built specifically for decentralized identities. An input validation error vulnerability exists in versions of Indy Node prior to 1.12.4, which stems from a "pool-upgrade" request handler in...
Remote Code Execution (RCE)
indy-node is vulnerable to remote code execution. The vulnerability exists because the dynamicvalidation function of poolupgradehandler.py does not properly handle the requests, allowing an attacker to inject and execute malicious code on nodes within the network via the NODEUPGRADE transaction,...
GHSA-R6V9-P59M-GJ2P Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Impact The pool-upgrade request handler in Indy-Node =1.12.5 as soon as possible. Patches The pool-upgrade request handler in Indy-Node =1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are furth...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2022-31020 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2022-31020 Source advisory: OSV:GHSA-R6V9-P59M-GJ2P...
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Impact The pool-upgrade request handler in Indy-Node =1.12.5 as soon as possible. Patches The pool-upgrade request handler in Indy-Node =1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are furth...
PT-2022-20465 · Indy Node · Indy Node
Name of the Vulnerable Software and Affected Versions: Indy Node versions 1.12.4 and prior Description: The issue affects the server portion of a distributed ledger purpose-built for decentralized identity. In the affected versions, the pool-upgrade request handler in Indy-Node allows an improper...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:PYSEC-2020-48...
PYSEC-2020-48
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2020-11090
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...
CVE-2020-11090
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...
ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11090 via indy-node (=1.0.28)
indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11090 Source advisory: OSV:PYSEC-2020-47...