github.com/codenotary/immudb is vulnerable to improper authorization. A malicious attacker is able to provide falsified proof that will be accepted by the client SDK, signing a falsified transaction replacing the genuine one. This vulnerability only affects immudb client SDKs, the immudb server itself is not affected by this vulnerability.
github.com/codenotary/immudb/commit/7267d67e28be8f0257b71d734611a051593e8a81
github.com/codenotary/immudb/commit/acf7f1b3d62436ea5e038acea1fc6394f90ab1c6
github.com/codenotary/immudb/releases/tag/v1.4.1
github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8
github.com/codenotary/immudb/tree/master/docs/security/vulnerabilities/linear-fake
pkg.go.dev/github.com/codenotary/immudb/pkg/client