4 matches found
CVE-2022-31006
CVE-2022-31006 affects Hyperledger Indy’s indy-node server. In vulnerable versions, an attacker can exhaust the ledger’s allowed client connections, causing a denial of service where the ledger remains functionally operable but unavailable to others until the attack ends. The impact is availabili...
CVE-2022-31020
Hyperledger Indy-Node (server portion of the Indy ledger) contains a remote code execution vulnerability in the pool-upgrade request handler for versions ≤ 1.12.4. An attacker could remotely execute code on nodes in the network due to improper authentication of pool-upgrade transactions. Indy-Nod...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from a lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2020-11090
Indy Node 1.12.2 contains an Uncontrolled Resource Consumption vulnerability in the TAA handling code. A malformed client transaction can crash the current primary, triggering view changes that, if repeated rapidly, may disrupt the network. The issue is fixed in version 1.12.3; users should upgra...