PyPI package
indy-node
pkg:pypi/indy-node
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31006 | — | <= 1.12.6 | — | Sep 9, 2022 | indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its in | ||
| CVE-2022-31020 | — | < 1.12.5rc1 | 1.12.5rc1 | Sep 6, 2022 | Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `p | ||
| CVE-2020-11093 | — | < 1.12.4 | 1.12.4 | Dec 24, 2020 | Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized altera | ||
| CVE-2020-11090 | — | >= 1.12.2, < 1.12.3 | 1.12.3 | Jun 11, 2020 | In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential |
- CVE-2022-31006Sep 9, 2022affected <= 1.12.6
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its in
- CVE-2022-31020Sep 6, 2022affected < 1.12.5rc1fixed 1.12.5rc1
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `p
- CVE-2020-11093Dec 24, 2020affected < 1.12.4fixed 1.12.4
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized altera
- CVE-2020-11090Jun 11, 2020affected >= 1.12.2, < 1.12.3fixed 1.12.3
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential