Lucene search
Veracode Vulnerability DatabaseVERACODE:36935HistorySep 05, 2022 - 4:26 a.m.
Remote Code Execution (RCE)
2022-09-0504:26:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.008 Low
EPSS
Percentile
81.5%
indy-node is vulnerable to remote code execution. The vulnerability exists because the dynamic_validation function of pool_upgrade_handler.py does not properly handle the requests, allowing an attacker to inject and execute malicious code on nodes within the network via the NODE_UPGRADE transaction,
References
github.com/advisories/GHSA-r6v9-p59m-gj2p
github.com/hyperledger/indy-node/commit/d0578a0e46f0e5c26c199b91e1f07da83abf91c3
github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5
github.com/hyperledger/indy-node/releases/tag/v1.12.5
github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p
Related
github
github
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
2022-09-02 21:55:20
osv
osv
PYSEC-2022-265
2022-09-06 17:15:00
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
2022-09-02 21:55:20
CVE-2022-31020
2022-09-06 17:15:08
hackerone
hackerone
cvelist
cvelist
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
2022-09-06 16:30:19
cve
cve
CVE-2022-31020
2022-09-06 17:15:08
nvd
nvd
CVE-2022-31020
2022-09-06 17:15:08
prion
prion
Remote code execution
2022-09-06 17:15:00