Go modules package
github.com/hyperledger/fabric
pkg:golang/github.com/hyperledger/fabric
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45244 | — | | | <= 2.5.9 | — | Aug 25, 2024 | Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. |
| CVE-2023-46132 | — | | | >= 1.0.0-alpha, < 2.2.14 | 2.2.14 | Nov 14, 2023 | Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a bloc |
| CVE-2022-36023 | — | | | >= 2.4.0, < 2.4.6 | 2.4.6 | Aug 18, 2022 | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway re |
| CVE-2022-31121 | — | | | < 2.2.7 | 2.2.7 | Jul 7, 2022 | Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and |
| CVE-2021-43669 | — | | | < 2.4.0 | 2.4.0 | Nov 18, 2021 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted |
| CVE-2021-43667 | — | | | >= 2.3.0, < 2.3.3 | 2.3.3 | Nov 18, 2021 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. I |