4 matches found
PYSEC-2022-265
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
Indy Node 输入验证错误漏洞
Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States. Built specifically for decentralized identities. An input validation error vulnerability exists in versions of Indy Node prior to 1.12.4, which stems from a "pool-upgrade" request handler in...
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
Impact The pool-upgrade request handler in Indy-Node =1.12.5 as soon as possible. Patches The pool-upgrade request handler in Indy-Node =1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are furth...