indy-node is vulnerable to remote code execution. The vulnerability exists because the dynamic_validation function of pool_upgrade_handler.py does not properly handle requests, allowing an attacker to inject and execute malicious code on nodes within the network via the NODE_UPGRADE transaction.
github.com/advisories/GHSA-r6v9-p59m-gj2p
github.com/hyperledger/indy-node/commit/d0578a0e46f0e5c26c199b91e1f07da83abf91c3
github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5
github.com/hyperledger/indy-node/releases/tag/v1.12.5
github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p