indy-node

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting indy-nodepage 1 of 1

CVE-2020-11090HIGHCVSS 7.5EG 7.5✓ Fixed in 1.12.3
2020-06-11
vulnerable: 0.0.1.dev38 ... 1.12.3rc1 (412 versions)
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeat…
CVE-2020-11093HIGHCVSS 7.5EG 7.5✓ Fixed in 1.12.4
2020-12-24
vulnerable: 0.0.1.dev38 ... 1.12.4rc1 (414 versions)
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an att…
CVE-2022-31006HIGHCVSS 7.5EG 7.5✓ Fixed in 1.13.0.dev2
2022-09-09
vulnerable: 0.0.1.dev38 ... 1.9.2rc1 (420 versions)
indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leavin…
CVE-2022-31020HIGHCVSS 8.8EG 8.8✓ Fixed in 1.12.5rc1
2022-09-06
vulnerable: 0.0.1.dev38 ... 1.9.2rc1 (415 versions)
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute…

Check whether indy-node is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for indy-node CVEs against the assets you own.

Start Free Scan →