VYPR

Bitnami package

hyperledger-fabric-tools

pkg:bitnami/hyperledger-fabric-tools

Vulnerabilities (6)

  • CVE-2026-41586CriMay 7, 2026
    affected >= 1.0.0, < 2.5.9fixed 2.5.9

    Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrust

  • CVE-2024-45244Aug 25, 2024
    affected < 2.5.10fixed 2.5.10

    Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.

  • CVE-2023-46132Nov 14, 2023
    affected >= 1.0.0, < 2.2.14fixed 2.2.14

    Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a bloc

  • CVE-2022-45196Nov 12, 2022
    affected >= 2.3.0, < 2.3.1fixed 2.3.1

    Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

  • CVE-2022-36023Aug 18, 2022
    affected < 2.4.6fixed 2.4.6

    Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway re

  • CVE-2022-31121Jul 7, 2022
    affected < 2.2.7fixed 2.2.7

    Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and